openapi: 3.0.1
info:
title: Identity Security Cloud V3 API
description: 'Use these APIs to interact with the Identity Security Cloud platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.'
termsOfService: 'https://developer.sailpoint.com/discuss/tos'
contact:
name: Developer Relations
url: 'https://developer.sailpoint.com/discuss/api-help'
license:
name: MIT
url: 'https://opensource.org/licenses/MIT'
version: 3.0.0
servers:
- url: 'https://{tenant}.api.identitynow.com/v3'
description: This is the production API server.
variables:
tenant:
default: sailpoint
description: 'This is the name of your tenant, typically your company''s name.'
- url: 'https://{apiUrl}/v3'
description: This is the V3 API server.
variables:
apiUrl:
default: sailpoint.api.identitynow.com
description: This is the api url of your tenant
tags:
- name: Access Profiles
description: |
Use this API to implement and customize access profile functionality.
With this functionality in place, administrators can create access profiles and configure them for use throughout Identity Security Cloud, enabling users to get the access they need quickly and securely.
Access profiles group entitlements, which represent access rights on sources.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
Access profiles are the most important units of access in Identity Security Cloud. Identity Security Cloud uses access profiles in many features, including the following:
- Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles.
- Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements.
- Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile.
- Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role.
In Identity Security Cloud, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones.
Administrators can enable and disable an access profile, and they can also make the following configurations:
- Manage Entitlements: Manage the profile's access by adding and removing entitlements.
- Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked.
Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile.
- Multiple Account Options: Define the logic Identity Security Cloud uses to provision access to an identity with multiple accounts on the source.
Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles.
- name: Access Requests
description: |
Use this API to implement and customize access request functionality.
With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked.
This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools.
Identity Security Cloud's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them.
In the Request Center in Identity Security Cloud, users can view available applications, roles, and entitlements and request access to them.
If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them.
Users can use My Requests to track and/or cancel the requests.
In My Team on the Identity Security Cloud Home, managers can submit requests to revoke their team members' access.
They can use the My Requests tab under Request Center to track and/or cancel the requests.
Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests.
- name: Access Request Approvals
description: |
Use this API to implement and customize access request approval functionality.
With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles.
This enables more qualified users to review access requests and the others to spend their time on other tasks.
In Identity Security Cloud, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked.
For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked.
For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked.
If the administrator designates a governance group as the required approver, any governance group member can approve the requests.
When a user submits an access request, Identity Security Cloud sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration.
In Approvals in Identity Security Cloud, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval.
If the required approver approves the request and is the only reviewer required, Identity Security Cloud grants or revokes access, based on the request.
If multiple reviewers are required, Identity Security Cloud sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration.
The required approver can then view any completed access requests under the Reviewed tab.
Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals.
- name: Accounts
description: |
Use this API to implement and customize account functionality.
With this functionality in place, administrators can manage users' access across sources in Identity Security Cloud.
In Identity Security Cloud, an account refers to a user's account on a supported source.
This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. Identity Security Cloud loads accounts through the creation of sources in Identity Security Cloud.
Administrators can correlate users' identities with the users' accounts on the different sources they use.
This allows Identity Security Cloud to govern the access of identities and all their correlated accounts securely and cohesively.
To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab.
To view and edit source account statuses for an identity in Identity Security Cloud, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab.
Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity.
Accounts can have the following statuses:
- Enabled: The account is enabled. The user can access it.
- Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in Identity Security Cloud. This can occur when an administrator disables the account or when the user's lifecycle state changes.
- Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.
- Pending: The account is currently updating. This status typically lasts seconds.
Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.
Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts.
- name: Account Activities
description: |
Use this API to implement account activity tracking functionality.
With this functionality in place, users can track source account activity in Identity Security Cloud, which greatly improves traceability in the system.
An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life.
In Identity Security Cloud's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient.
Account activity includes most actions Identity Security Cloud completes on source accounts. Users can search in Identity Security Cloud for the following account action types:
- Access Request: These include any access requests the source account is involved in.
- Account Attribute Updates: These include updates to a single attribute on an account on a source.
- Account State Update: These include locking or unlocking actions on an account on a source.
- Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification.
- Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state.
Identity Security Cloud replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to.
- Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action.
When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays.
Account Activity does not include attribute updates that occur as a result of aggregation.
- Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates.
These also include refreshes that occur whenever Identity Security Cloud assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source.
- Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change.
- Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state.
- Password Change: These include password changes on sources.
Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities.
- name: Account Usages
description: |
Use this API to implement account usage insight functionality.
With this functionality in place, administrators can gather information and insights about how their tenants' source accounts are being used.
This allows organizations to get the information they need to start optimizing and securing source account usage.
- name: Auth Users
description: |
Use this API to implement user authentication system functionality.
With this functionality in place, users can get a user's authentication system details, including their capabilities, and modify those capabilities.
The user's capabilities refer to their access to different systems, or authorization, within the tenant, like access to certifications (CERT_ADMIN) or reports (REPORT_ADMIN).
These capabilities also determine a user's access to the different APIs.
This API provides users with a way to determine a user's access and make quick and easy changes to that access.
- name: Branding
description: |
Use this API to implement and customize branding functionality.
With this functionality in place, administrators can get and manage existing branding items, and they can also create new branding items and configure them for use throughout Identity Security Cloud.
The Branding APIs provide administrators with a way to customize branding items.
This customization includes details like their colors, logos, and other information.
- name: Certifications
description: |
Use this API to implement certification functionality.
With this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer.
Implementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers.
Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
Organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers.
Those reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively.
When a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities.
Under the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment.
Once a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process.
Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items.
Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.
In this situation, the certification campaign completes once all the remediation requests are completed.
Refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) for more information about certifications.
- name: Certification Campaigns
description: |
Use this API to implement certification campaign functionality.
With this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use.
Certification campaigns provide Identity Security Cloud users with an interactive review process they can use to identify and verify access to systems.
Campaigns help organizations reduce risk of inappropriate access and satisfy audit requirements.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These certifications serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers.
Once this campaign has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
Identity Security Cloud provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns:
You can create these types of campaigns without using any search queries in Identity Security Cloud:
- ManagerCampaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access is certified by their managers.
You only need to provide a name and description to create one.
- Source Owner Campaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners.
You only need to provide a name and description to create one.
You can specify the sources whose owners you want involved or just run it across all sources.
For more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html).
One useful way to create certification campaigns in Identity Security Cloud is to use a specific search and then run a campaign on the results returned by that search.
This allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns.
For example, you can search for all identities who are managed by "Amanda.Ross" and also have the access to the "Accounting" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified.
You can use Identity Security Cloud search queries to create these types of campaigns:
- Identities: Use this campaign type to review and revoke access items for specific identities.
You can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign.
- Access Items: Use this campaign type to review and revoke a set of roles, access profiles, or entitlements from the identities that have them.
You can either build a search query and create a campaign certifying all access items returned by that query, or you can search for individual access items and add those items to the certification campaign.
- Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria.
You can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign.
- Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in Identity Security Cloud.
You can use this campaign type to view all the uncorrelated accounts for a source and certify them.
For more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html).
Once you have generated your campaign, it becomes available for preview.
An administrator can review the campaign and make changes, or if it's ready and accurate, activate it.
Once the campaign is active, organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers.
Those reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed).
When a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review.
Reviewers can then make decisions to grant or revoke access, as well as reassign the ceritifcation to another reviewer. If the reviewer chooses this option, they must provide a reason for reassignment in the form of a comment.
Once a reviewer has made decisions on all the certification's involved access items, he or she must "Sign Off" to complete the review process.
Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items.
Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase.
In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.
In this situation, the certification campaign completes once all the remediation requests are completed.
The end of a certification campaign is determined by its deadline, its completion status, or by an administrator's decision.
For more information about certifications and certification campaigns, refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html).
- name: Certification Campaign Filters
description: |
Use this API to implement the certification campaign filter functionality. These filters can be used to create a certification campaign that includes a subset of your entitlements or users to certify.
For example, if for a certification campaign an organization wants to certify only specific users or entitlements, then those can be included/excluded on the basis of campaign filters.
For more information about creating a campaign filter, refer to [Creating a Campaign Filter](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#creating-a-campaign-filter)
You can create campaign filters using any of the following criteria types:
- Access Profile : This criteria type includes or excludes access profiles from a campaign.
- Account Attribute : This criteria type includes or excludes certification items that match a specified value in an account attribute.
- Entitlement : This criteria type includes or excludes entitlements from a campaign.
- Identity : This criteria type includes or excludes specific identities from your campaign.
- Identity Attribute : This criteria type includes or excludes identities based on whether they have an identity attribute that matches criteria you've chosen.
- Role : This criteria type includes or excludes roles, as opposed to identities.
- Source : This criteria type includes or excludes entitlements from a source you select.
For more information about these criteria types, refer to [Types of Campaign Filters](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#types-of-campaign-filters)
Once the campaign filter is created, it can be linked while creating the campaign. The generated campaign will have the items to review as per the campaign filter.
For example, An inclusion campaign filter is created with a source of Source 1, an operation of Equals, and an entitlement of Entitlement 1. When this filter is selected, only users who have Entitlement 1 are included in the campaign, and only Entitlement 1 is shown in the certification.
- name: Certification Summaries
description: |
Use this API to implement certification summary functionality.
With this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness.
Implementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These certifications serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers.
Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
Certification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed.
For example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected.
- name: Configuration Hub
description: |
Upload configurations and manage object mappings between tenants.
- name: Connectors
description: |
Use this API to implement connector functionality.
With this functionality in place, administrators can view available connectors.
Connectors are the bridges Identity Security Cloud uses to communicate with and aggregate data from sources.
For example, if it is necessary to set up a connection between Identity Security Cloud and the Active Directory source, a connector can bridge the two and enable Identity Security Cloud to synchronize data between the systems.
This ensures account entitlements and states are correct throughout the organization.
In Identity Security Cloud, administrators can use the Connections drop-down menu and select Sources to view the available source connectors.
Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about the connectors available in Identity Security Cloud.
Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about the SaaS custom connectors that do not need VAs (virtual appliances) to communicate with their sources.
Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about using connectors in Identity Security Cloud.
- name: Global Tenant Security Settings
description: |
Use this API to implement and customize global tenant security settings.
With this functionality in place, administrators can manage the global security settings that a tenant/org has.
This API can be used to configure the networks and Geographies allowed to access Identity Security Cloud URLs.
- name: Identity Profiles
description: |
Use this API to implement identity profile functionality.
With this functionality in place, administrators can view identity profiles and their configurations.
Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes.
In Identity Security Cloud, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles.
This list shows some details about each identity profile, along with its status.
They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings.
Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles.
- name: Lifecycle States
description: |
Use this API to implement and customize lifecycle state functionality.
With this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have.
A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with Identity Security Cloud: 'Active' and 'Inactive.'
When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes.
The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored.
This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc.
Administrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas.
Administrators must define the criteria for being in each lifecycle state, and they must define how Identity Security Cloud manages users' access to apps and sources for each lifecycle state.
In Identity Security Cloud, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state.
In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state:
- Enable/disable the lifecycle state for the identity profile.
- Enable/disable source accounts for the identity profile's lifecycle state.
- Add existing access profiles to grant to the identity profiles in that lifecycle state.
- Create a new access profile to grant to the identity profile in that lifecycle state.
Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state.
To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state.
For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states.
During scheduled refreshes, Identity Security Cloud evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles.
If the identities are missing access, Identity Security Cloud provisions that access.
Administrators can also use the 'Provisioning' tab to configure email notifications for Identity Security Cloud to send whenever an identity with that identity profile has a lifecycle state change.
Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so.
An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.'
Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses.
Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states.
- name: Managed Clients
description: Read and create operations for client data and statuses
- name: Managed Clusters
description: 'Read and create pperations for client Clusters, including Log Configuration'
- name: Non-Employee Lifecycle Management
description: |
Use this API to implement non-employee lifecycle management functionality.
With this functionality in place, administrators can create non-employee records and configure them for use in their organizations.
This allows organizations to provide secure access to non-employees and control that access.
The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee.
Organizations can track non-employees' access and activity in Identity Security Cloud by creating and maintaining non-employee sources.
Organizations can have a maximum of 50 non-employee sources.
By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following:
- SailPoint is not responsible for storing sensitive data.
You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in Identity Security Cloud.
- You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts.
To manage non-employees in Identity Security Cloud, administrators must create a non-employee source and add accounts to the source.
To create a non-employee source in Identity Security Cloud, administrators must use the Admin panel to go to Connections > Sources.
They must then specify 'Non-Employee' in the 'Source Type' field.
Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources.
To add accounts to a non-employee source in Identity Security Cloud, administrators can select the non-employee source and add the accounts.
They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to.
Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts.
To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file.
Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources.
Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities.
Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management.
- name: OAuth Clients
description: |
Use this API to implement OAuth client functionality.
With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the Identity Security Cloud REST API.
Refer to [Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information about OAuth and how it works with the Identity Security Cloud REST API.
- name: Password Configuration
description: |
Use this API to implement organization password configuration functionality.
With this functionality in place, organization administrators can create organization-specific password configurations.
These configurations include details like custom password instructions, as well as digit token length and duration.
Refer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality.
- name: Password Dictionary
description: |
Use this API to implement password dictionary functionality.
With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords.
A password dictionary is a list of words or characters that users are prevented from including in their passwords.
This can help protect users from themselves and force them to create passwords that are not easy to break.
A password dictionary must meet the following requirements to for the API to handle them correctly:
- It must be in .txt format.
- All characters must be UTF-8 characters.
- Each line must contain a single word or character with no spaces or whitespace characters.
- It must contain at least one line other than the locale string.
- Each line must not exceed 128 characters.
- The file must not exceed 2500 lines.
Administrators should also consider the following when they create their dictionaries:
- Lines starting with a # represent comments.
- All words in the password dictionary are case-insensitive.
For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord.
- The dictionary uses substring matching.
For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring.
Users can then select 'Change Password' to update their passwords.
Administrators must do the following to create a password dictionary:
- Create the text file that will contain the prohibited password values.
- If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode`
The languageCode value refers to the language's 2-letter ISO 639-1 code.
The countryCode value refers to the country's 2-letter ISO 3166-1 code.
Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes.
- Upload the .txt file to Identity Security Cloud with [Update Password Dictionary](https://developer.sailpoint.com/docs/api/v3/put-password-dictionary). Uploading a new file always overwrites the previous dictionary file.
Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it.
Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries.
- name: Password Management
description: |
Use this API to implement password management functionality.
With this functionality in place, users can manage their identity passwords for all their applications.
In Identity Security Cloud, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager.
Password Manager lists the user's identity's applications, possibly grouped to share passwords.
Users can then select 'Change Password' to update their passwords.
Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually.
Password Manager may list the applications and sources in the following groups:
- Password Group: This refers to a group of applications that share a password.
For example, a user can use the same password for Google Drive, Google Mail, and YouTube.
Updating the password for the password group updates the password for all its included applications.
- Multi-Application Source: This refers to a source with multiple applications that share a password.
For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications.
Updating the password for the multi-application source updates the password for all its included applications.
- Applications: These are applications that do not share passwords with other applications.
An organization may require some authentication for users to update their passwords.
Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates.
Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management.
- name: Password Sync Groups
description: |
Use this API to implement password sync group functionality.
With this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password.
This allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually.
A password sync group is a group of applications that shares a password.
Administrators create these groups by grouping the applications' sources.
For example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password.
A user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually.
The following are required for administrators to create a password sync group in Identity Security Cloud:
- At least two direct connect sources connected to Identity Security Cloud and configured for Password Management.
- Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources.
- At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/policies.html) for more information about password policies.
In the Admin panel in Identity Security Cloud, administrators can use the Password Mgmt dropdown menu to select Sync Groups.
To create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group.
Administrators can also delete sync groups in Identity Security Cloud, but they should know the following before they do:
- Passwords related to the associated sources will become independent, so changing one will not change the others anymore.
- Passwords for the sources' connected applications will also become independent.
- Password policies assigned to the sync group are then assigned directly to the associated sources.
To change the password policy for a source, administrators must edit it directly.
Once the password sync group has been created, users can update the password for the group in Password Manager.
Refer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups.
- name: Personal Access Tokens
description: |
Use this API to implement personal access token (PAT) functionality.
With this functionality in place, users can use PATs as an alternative to passwords for authentication in Identity Security Cloud.
PATs embed user information into the client ID and secret.
This replaces the API clients' need to store and provide a username and password to establish a connection, improving Identity Security Cloud organizations' integration security.
In Identity Security Cloud, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens.
They must then provide a description about the token's purpose.
They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID.
Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs.
- name: Public Identities
description: |
Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/docs/api/v3/public-identities-config/) to enable non-administrators to view identities' publicly visible attributes.
With this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public.
This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.
- name: Public Identities Config
description: |
Use this API to implement public identity configuration functionality.
With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions.
This can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.
By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager.
However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc.
Administrators can use this API to make those necessary identity attributes public to non-administrators.
For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department.
If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/docs/api/v3/update-public-identity-config/) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information.
- name: Reports Data Extraction
description: |
Use this API to implement reports lifecycle managing and monitoring.
With this functionality in place, users can run reports, view their results, and cancel reports in progress.
This can be potentially helpful for auditing purposes.
- name: Requestable Objects
description: |
Use this API to implement requestable object functionality.
With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/docs/api/v3/access-requests/), along with their statuses.
This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available.
- name: Roles
description: |
Use this API to implement and customize role functionality.
With this functionality in place, administrators can create roles and configure them for use throughout Identity Security Cloud.
Identity Security Cloud can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks.
Entitlements represent the most granular level of access in Identity Security Cloud.
Access profiles represent the next level and often group entitlements.
Roles represent the broadest level of access and often group access profiles.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both.
Roles often represent positions within organizations.
For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role.
If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need.
In Identity Security Cloud, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones.
Administrators can enable and disable the role, and they can also make the following configurations:
- Manage Access: Manage the role's access by adding or removing access profiles.
- Define Assignment: Define the criteria Identity Security Cloud uses to assign the role to identities.
Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes.
Use the second, 'Identity List,' to specify the identities for assignment.
- Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked.
Do not configure a role to be requestable without establishing a secure access request approval process for that role first.
Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/access/roles.html) for more information about roles.
- name: Saved Search
description: |
Use this API to implement saved search functionality.
With saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them.
Search queries in Identity Security Cloud can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries.
It also opens the possibility to configure Identity Security Cloud to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources.
Refer to [Scheduled Search](https://developer.sailpoint.com/docs/api/v3/scheduled-search/) for more information about running saved searches on a schedule.
In Identity Security Cloud, users can save searches under a name, and then they can access that saved search and run it again when they want.
Refer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them.
- name: Scheduled Search
description: |
Use this API to implement scheduled search functionality.
With scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and Identity Security Cloud emails them the search results.
Users can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves.
One of the greatest benefits of saving searches is the ability to run those searches on a schedule.
This is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources.
For example, the manager Amanda Ross can schedule a saved search "manager.name:amanda.ross AND attributes.location:austin" on a schedule to regularly stay aware of changes with the Austin employees reporting to her.
Identity Security Cloud emails her the search results when the search runs, so she can work on other tasks instead of actively running this search.
In Identity Security Cloud, scheduling a search involves a subscription.
Users can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time).
The user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails.
By default, subscriptions exclude detailed results from the emails, for security purposes.
Including detailed results about user access in an email may expose sensitive information.
However, the subscription creator can choose to include the information in the emails.
By default, Identity Security Cloud sends emails to the subscribers even when the searches do not return new results.
However, the subscription creator can choose to suppress these empty emails.
Users can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run.
A saved search can have up to 10 subscriptions configured at a time.
The subscription creator can enable, disable, or delete the subscription.
Refer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them.
- name: Search
description: |
Use this API to implement search functionality.
With search functionality in place, users can search their tenants for nearly any information from throughout their organizations.
Identity Security Cloud enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential.
Its search goes through all those sources and finds the results quickly and specifically.
The search query is flexible - it can be very broad or very narrow.
The search only returns results for searchable objects it is filtering for.
The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities.
By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator."
Users can further narrow their results by using Identity Security Cloud's specific syntax and punctuation to structure their queries.
For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross.
Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries.
Refer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about Identity Security Cloud's search and its different possibilities.
The search feature uses Elasticsearch as a datastore and query engine.
The power of Elasticsearch makes this feature suitable for ad-hoc reporting.
However, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch.
This ingestion process introduces a latency from when the operational data is created to when it is available in search.
Depending on the system load, this can take a few seconds to a few minutes.
Please keep this latency in mind when you use search.
- name: Segments
description: |
Use this API to implement and customize access request segment functionality.
With this functionality in place, administrators can create and manage access request segments.
Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access.
Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments.
For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location.
The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items.
In Identity Security Cloud, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page.
This page lists all the existing access request segments, along with their statuses, enabled or disabled.
Administrators can use this page to create, edit, enable, disable, and delete segments.
To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access.
These items can be access profiles, roles, or entitlements.
When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items.
Refer to [Managing Access Request Segments](https://documentation.sailpoint.com/saas/help/requests/segments.html) for more information about segments in Identity Security Cloud.
- name: Service Desk Integration
description: |
Use this API to build an integration between Identity Security Cloud and a service desk ITSM (IT service management) solution.
Once an administrator builds this integration between Identity Security Cloud and a service desk, users can use Identity Security Cloud to raise and track tickets that are synchronized between Identity Security Cloud and the service desk.
In Identity Security Cloud, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.'
To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page.
Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in Identity Security Cloud.
Administrators can create various service desk integrations, all with their own nuances.
The following service desk integrations are available:
- [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html)
- [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html)
- [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html)
- [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html)
- [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html)
- [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html)
- [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html)
- name: SOD Policies
description: |
Use this API to implement and manage "separation of duties" (SOD) policies.
With SOD policy functionality in place, administrators can organize the access in their tenants to prevent individuals from gaining conflicting or excessive access.
"Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data.
For example, people who record monetary transactions shouldn't be able to issue payment for those transactions.
Any changes to major system configurations should be approved by someone other than the person requesting the change.
Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants.
These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access.
To create SOD policies in Identity Security Cloud, administrators use 'Search' and then access 'Policies'.
To create a policy, they must configure two lists of access items. Each access item can only be added to one of the two lists.
They can search for the entitlements they want to add to these access lists.
>Note: You can have a maximum of 500 policies of any type (including general policies) in your organization. In each access-based SOD policy, you can have a maximum of 50 entitlements in each access list.
Once a SOD policy is in place, if an identity has access items on both lists, a SOD violation will trigger.
These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy.
The other users can then better help to enforce these SOD policies.
To create a subscription to a SOD policy in Identity Security Cloud, administrators use 'Search' and then access 'Layers'.
They can create a subscription to the policy and schedule it to run at a regular interval.
Refer to [Managing Policies](https://documentation.sailpoint.com/saas/help/sod/manage-policies.html) for more information about SOD policies.
Refer to [Subscribe to a SOD Policy](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html#subscribe-to-an-sod-policy) for more information about SOD policy subscriptions.
- name: SOD Violations
description: |
Use this API to check for current "separation of duties" (SOD) policy violations as well as potential future SOD policy violations.
With SOD violation functionality in place, administrators can get information about current SOD policy violations and predict whether an access change will trigger new violations, which helps to prevent them from occurring at all.
"Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data.
For example, people who record monetary transactions shouldn't be able to issue payment for those transactions.
Any changes to major system configurations should be approved by someone other than the person requesting the change.
Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants.
These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access.
Once a SOD policy is in place, if an identity has conflicting access items, a SOD violation will trigger.
These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy.
The other users can then better help to enforce these SOD policies.
Administrators can use the SOD violations APIs to check a set of identities for any current SOD violations, and they can use them to check whether adding an access item would potentially trigger a SOD violation.
This second option is a good way to prevent SOD violations from triggering at all.
Refer to [Handling Policy Violations](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html) for more information about SOD policy violations.
- name: Sources
description: |
Use this API to implement and customize source functionality.
With source functionality in place, organizations can use Identity Security Cloud to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way.
[Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the Identity Security Cloud representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example.
Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records.
Connecting these sources to Identity Security Cloud makes it possible to manage user access across them all.
Then, if a new hire starts at an organization, Identity Security Cloud can grant the new hire access to all the sources they need.
If an employee moves to a new department and needs access to new sources but no longer needs access to others, Identity Security Cloud can grant the necessary access and revoke the unnecessary access for all the employee's various sources.
If an employee leaves the company, Identity Security Cloud can revoke access to all the employee's various source accounts immediately.
These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure.
In Identity Security Cloud, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so.
They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups.
Admins go to Connections > Sources to see a list of the existing source representations in their organizations.
They can create new sources or select existing ones.
To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type.
Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process.
Identity Security Cloud connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in.
Different sources use different connectors to share data with Identity Security Cloud, and each connector's setup process is specific to that connector.
SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors.
Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors.
Refer to the following links for more information about two useful connectors:
- [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity).
- [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services.
Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources.
When admins select existing sources, they can view the following information about the source:
- Associated connections (any associated identity profiles, apps, or references to the source in a transform).
- Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources.
- Associated entitlements (sets of access rights on sources).
- Associated access profiles (groupings of entitlements).
The user account data and the entitlements update with each data aggregation from the source.
Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their Identity Security Cloud tenants so an access change on a source is detected quickly in Identity Security Cloud.
Admins can view a history of these aggregations, and they can also run manual imports.
Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations.
Admins can also make changes to determine which user account data Identity Security Cloud collects from the source and how it correlates that account data with identity data.
To define which account attributes the source shares with Identity Security Cloud, admins can edit the account schema on the source.
Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them.
To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source.
Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities.
Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform.
Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources.
Well organized, mapped out connections between sources and Identity Security Cloud are essential to achieving comprehensive identity access governance across all the source systems organizations need.
Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected.
- name: Source Usages
description: |
Use this API to implement source usage insight functionality.
With this functionality in place, administrators can gather information and insights about how their tenants' sources are being used.
This allows organizations to get the information they need to start optimizing and securing source usage.
- name: Tagged Objects
description: |
Use this API to implement object tagging functionality.
With object tagging functionality in place, any user in an organization can use tags as a way to group objects together and find them more quickly when the user searches Identity Security Cloud.
In Identity Security Cloud, users can search their tenants for information and add tags objects they find.
Tagging an object provides users with a way of grouping objects together and makes it easier to find these objects in the future.
For example, if a user is searching for an entitlement that grants a risky level of access to Active Directory, it's possible that the user may have to search through hundreds of entitlements to find the correct one.
Once the user finds that entitlement, the user can add a tag to the entitlement, "AD_RISKY" to make it easier to find the entitlement again.
The user can add the same tag to multiple objects the user wants to group together for an easy future search, and the user can also do so in bulk.
When the user wants to find that tagged entitlement again, the user can search for "tags:AD_RISKY" to find all objects with that tag.
With the API, you can tag even more different object types than you can in Identity Security Cloud (access profiles, entitlements, identities, and roles).
You can use the API to tag all these objects:
- Access profiles
- Applications
- Certification campaigns
- Entitlements
- Identities
- Roles
- SOD (separation of duties) policies
- Sources
You can also use the API to directly find, create, and manage tagged objects without using search queries.
There are limits to tags:
- You can have up to 500 different tags in your tenant.
- You can apply up to 30 tags to one object.
- You can have up to 10,000 tag associations, pairings of 1 tag to 1 object, in your tenant.
Because of these limits, it is recommended that you work with your governance experts and security teams to establish a list of tags that are most expressive of governance objects and access managed by Identity Security Cloud.
These are the types of information often expressed in tags:
- Affected departments
- Compliance and regulatory categories
- Remediation urgency levels
- Risk levels
Refer to [Tagging Items in Search](https://documentation.sailpoint.com/saas/help/search/index.html?h=tags#tagging-items-in-search) for more information about tagging objects in Identity Security Cloud.
- name: Transforms
description: |
The purpose of this API is to expose functionality for the manipulation of Transform objects.
Transforms are a form of configurable objects which define an easy way to manipulate attribute data without having
to write code. These endpoints don't require API calls to other resources, audit service is used for keeping track
of which users have made changes to the Transforms.
Refer to [Transforms](https://developer.sailpoint.com/docs/extensibility/transforms/) for more information about transforms.
- name: Work Items
description: |
Use this API to implement work item functionality.
With this functionality in place, users can manage their work items (tasks).
Work items refer to the tasks users see in Identity Security Cloud's Task Manager.
They can see the pending work items they need to complete, as well as the work items they have already completed.
Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created.
For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp.
Once the user completes the work item, the work item will be listed with his or her other completed work items.
To complete work items, users can use their dashboards and select the 'My Tasks' widget.
The widget will list any work items they need to complete, and they can select the work item from the list to review its details.
When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items.
Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete.
- name: Workflows
description: |
Workflows allow administrators to create custom automation scripts directly within Identity Security Cloud. These automation scripts respond to [event triggers](https://developer.sailpoint.com/docs/extensibility/event-triggers/#how-to-get-started-with-event-triggers) and perform a series of actions to perform tasks that are either too cumbersome or not available in the Identity Security Cloud UI. Workflows can be configured via a graphical user interface within Identity Security Cloud, or by creating and uploading a JSON formatted script to the Workflow service. The Workflows API collection provides the necessary functionality to create, manage, and test your workflows via REST.
paths:
/access-profiles:
get:
operationId: listAccessProfiles
tags:
- Access Profiles
summary: List Access Profiles
description: |-
This API returns a list of Access Profiles.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: for-subadmin
schema:
type: string
description: |-
If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.
A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.
example: 8c190e6787aa4ed9a90bd9d5344523fb
required: false
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
**source.id**: *eq, in*
Composite operators supported: *and, or*
example: name eq "SailPoint Support"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.'
example: false
required: false
responses:
'200':
description: List of Access Profiles
content:
application/json:
schema:
type: array
items:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:read'
post:
operationId: createAccessProfile
tags:
- Access Profiles
summary: Create an Access Profile
description: |-
This API creates an Access Profile.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
responses:
'201':
description: Access Profile created
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
'/access-profiles/{id}':
get:
operationId: getAccessProfile
tags:
- Access Profiles
summary: Get an Access Profile
description: |-
This API returns an Access Profile by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Access Profile
example: 2c9180837ca6693d017ca8d097500149
responses:
'200':
description: An AccessProfile
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:read'
patch:
operationId: patchAccessProfile
tags:
- Access Profiles
summary: Patch a specified Access Profile
description: |-
This API updates an existing Access Profile. The following fields are patchable:
**name**
**description**
**enabled**
**owner**
**requestable**
**accessRequestConfig**
**revokeRequestConfig**
**segments**
**entitlements**
**provisioningCriteria**
**source** (must be updated with entitlements belonging to new source in the same API call)
If you need to change the `source` of the access profile, you can do so only if you update the `entitlements` in the same API call. The new entitlements can only come from the target source that you want to change to. Look for the example "Replace Source" in the examples dropdown.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer.
> The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
> You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
parameters:
- name: id
in: path
description: ID of the Access Profile to patch
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Add Entitlements:
description: Add one or more entitlements to the end of the list
value:
- op: add
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Insert Entitlement:
description: Add an entitlement at the beginning of the entitlement list
value:
- op: add
path: /entitlements/0
value:
id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Replace Entitlements:
description: Replace all entitlements with a new list of entitlements
value:
- op: replace
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Remove Entitlement:
description: Remove the first entitlement in the list
value:
- op: remove
path: /entitlements/0
Replace Source:
description: Change the source and the entitlements of the access profile
value:
- op: replace
path: /source
value:
id: 2c9180887671ff8c01767b4671fb7d5e
type: SOURCE
name: Employees
- op: replace
path: /entitlements
value:
- id: 2c9180877677453d01767b4b08f63386
type: ENTITLEMENT
name: DevRel
required: true
responses:
'200':
description: Responds with the Access Profile as updated.
content:
application/json:
schema:
type: object
description: Access Profile
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: true
description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
example: true
owner:
description: Owner of the Access Profile
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: The ID of the Source with with which the Access Profile is associated
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: 'The type of the Source, will always be SOURCE'
example: SOURCE
name:
type: string
description: The display name of the associated Source
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for this object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on ProvisioningCriteria
example: EQUALS
attribute:
type: string
description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.'
example: email
nullable: true
value:
type: string
description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
delete:
operationId: deleteAccessProfile
tags:
- Access Profiles
summary: Delete the specified Access Profile
description: |-
This API deletes an existing Access Profile.
The Access Profile must not be in use, for example, Access Profile can not be deleted if they belong to an Application, Life Cycle State or a Role. If it is, a 400 error is returned.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile.
parameters:
- name: id
in: path
description: ID of the Access Profile to delete
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Returned when an access profile cannot be deleted as it's being used.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.2.1.0 Object in use by another:
description: Returned when an access profile cannot be deleted as it's being used
value:
detailCode: 400.2.1.0 Object in use by another
trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The "testAccessProfile" access profile can't be deleted because it's in use.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
/access-profiles/bulk-delete:
post:
operationId: deleteAccessProfilesInBulk
summary: Delete Access Profile(s)
tags:
- Access Profiles
description: |-
This endpoint initiates a bulk deletion of one or more access profiles.
When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information.
This endpoint can only bulk delete up to a limit of 50 access profiles per request.
By default, if any of the indicated access profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will be deleted.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this endpoint. In addition, a SOURCE_SUBADMIN can only use this endpoint to delete access profiles associated with sources they're able to administer.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
accessProfileIds:
description: List of IDs of Access Profiles to be deleted.
type: array
items:
type: string
example:
- 2c9180847812e0b1017817051919ecca
- 2c9180887812e0b201781e129f151816
bestEffortOnly:
description: 'If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.'
type: boolean
example: true
example:
bestEffortOnly: true
accessProfileIds:
- 2c91808876438bb2017668b91919ecca
- 2c91808876438ba801766e129f151816
responses:
'200':
description: 'Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.'
content:
application/json:
schema:
type: object
properties:
taskId:
type: string
description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.
example: 2c9180867817ac4d017817c491119a20
pending:
type: array
description: List of IDs of Access Profiles which are pending deletion.
items:
type: string
example:
- 2c91808876438bbb017668c21919ecca
- 2c91808876438bb201766e129f151816
inUse:
type: array
description: List of usages of Access Profiles targeted for deletion.
items:
type: object
properties:
accessProfileId:
type: string
description: ID of the Access Profile that is in use
example: 2c91808876438bbb017668c21919ecca
usedBy:
type: array
description: List of references to objects which are using the indicated Access Profile
items:
type: object
description: Role using the access profile.
properties:
type:
type: string
description: DTO type of role using the access profile.
enum:
- ROLE
example: ROLE
id:
type: string
description: ID of role using the access profile.
example: 2c8180857a9b3da0017aa03418480f9d
name:
type: string
description: Display name of role using the access profile.
example: Manager Role
example:
pending: []
inUse:
- accessProfileId: 2c91808876438ba801766e129f151816
usages:
- type: Role
id: 2c9180887643764201766e9f6e121518
'202':
description: Returned if at least one deletion will be performed.
content:
application/json:
schema:
type: object
properties:
taskId:
type: string
description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.
example: 2c9180867817ac4d017817c491119a20
pending:
type: array
description: List of IDs of Access Profiles which are pending deletion.
items:
type: string
example:
- 2c91808876438bbb017668c21919ecca
- 2c91808876438bb201766e129f151816
inUse:
type: array
description: List of usages of Access Profiles targeted for deletion.
items:
type: object
properties:
accessProfileId:
type: string
description: ID of the Access Profile that is in use
example: 2c91808876438bbb017668c21919ecca
usedBy:
type: array
description: List of references to objects which are using the indicated Access Profile
items:
type: object
description: Role using the access profile.
properties:
type:
type: string
description: DTO type of role using the access profile.
enum:
- ROLE
example: ROLE
id:
type: string
description: ID of role using the access profile.
example: 2c8180857a9b3da0017aa03418480f9d
name:
type: string
description: Display name of role using the access profile.
example: Manager Role
example:
taskId: 2c91808a7813090a01781412a1119a20
pending:
- 2c91808a7813090a017813fe1919ecca
inUse:
- accessProfileId: 2c91808876438ba801766e129f151816
usages:
- type: Role
id: 2c9180887643764201766e9f6e121518
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:manage'
'/access-profiles/{id}/entitlements':
get:
operationId: getAccessProfileEntitlements
tags:
- Access Profiles
summary: List Access Profile's Entitlements
description: |-
This API lists the Entitlements associated with a given Access Profile
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given Access Profile
parameters:
- name: id
in: path
description: ID of the containing Access Profile
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**attribute**: *eq, sw*
**value**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
example: attribute eq "memberOf"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, attribute, value, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List of Entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
privileged:
type: boolean
description: True if the entitlement is privileged
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: true
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:access-profile:read'
/access-requests:
post:
operationId: createAccessRequest
security:
- UserContextAuth:
- 'idn:access-request:create'
summary: Submit an Access Request
tags:
- Access Requests
description: |
This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes.
Access requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request
has been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error
if you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected.
It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can
be accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also
use the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting
an access request to ensure you are not requesting access that is already granted.
There are two types of access request:
__GRANT_ACCESS__
* Can be requested for multiple identities in a single request.
* Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.
* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.
* Roles, access profiles and entitlements can be requested.
* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.
__REVOKE_ACCESS__
* Can only be requested for a single identity at a time.
* You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.
* Does not support self request. Only manager can request to revoke access for their directly managed employees.
* If a `removeDate` is specified, then the access will be removed on that date and time only for roles and access profiles. Entitlements are currently unsupported for `removeDate`.
* Roles, access profiles, and entitlements can be requested for revocation.
* Revoke requests for entitlements are limited to 1 entitlement per access request currently.
* [Roles, Access Profiles] You can specify a `removeDate` if the access doesn't already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.
* Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.
>**Note:** There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.
A token with API authority cannot be used to call this endpoint.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
requestedFor:
description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.'
type: array
items:
type: string
example: 2c918084660f45d6016617daa9210584
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requestedItems:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
* Currently it is not supported for entitlements.
format: date-time
example: '2020-07-11T21:23:15.000Z'
required:
- id
- type
minItems: 1
maxItems: 25
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
required:
- requestedFor
- requestedItems
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-requests/cancel:
post:
operationId: cancelAccessRequest
security:
- UserContextAuth:
- 'idn:access-request:cancel'
tags:
- Access Requests
summary: Cancel Access Request
description: |-
This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step.
Any token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Request body payload for cancel access request endpoint.
required:
- accountActivityId
- comment
properties:
accountActivityId:
type: string
description: 'This refers to the identityRequestId. To successfully cancel an access request, you must provide the identityRequestId.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: Reason for cancelling the pending access request.
example: I requested this role by mistake.
example:
accountActivityId: 2c91808568c529c60168cca6f90c1313
comment: I requested this role by mistake.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-config:
get:
operationId: getAccessRequestConfig
security:
- UserContextAuth:
- 'idn:access-request-config:read'
summary: Get Access Request Configuration
tags:
- Access Requests
description: This endpoint returns the current access-request configuration.
responses:
'200':
description: Access Request Configuration Details.
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If true, then approvals must be processed by external system.'
example: true
autoApprovalEnabled:
type: boolean
description: 'If true and requester and reviewer are the same, then automatically approve the approval.'
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of Configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: If anyone can request access for anyone.
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: If a manager can request access for his/her direct reports.
example: true
approvalReminderAndEscalationConfig:
description: Approval Reminder and Escalation Configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement Request Configuration.
type: object
properties:
allowEntitlementRequest:
type: boolean
description: Flag for allowing entitlement request.
example: true
requestCommentsRequired:
type: boolean
description: Flag for requiring comments while submitting an entitlement request.
default: false
example: false
deniedCommentsRequired:
type: boolean
description: Flag for requiring comments while rejecting an entitlement request.
default: false
example: false
grantRequestApprovalSchemes:
type: string
description: |
Approval schemes for granting entitlement request. This can be empty if no approval is needed.
Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}".
Multiple workgroups (governance groups) can be used.
default: sourceOwner
nullable: true
example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setAccessRequestConfig
security:
- UserContextAuth:
- 'idn:access-request-config:update'
summary: Update Access Request Configuration
tags:
- Access Requests
description: |-
This endpoint replaces the current access-request configuration.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If true, then approvals must be processed by external system.'
example: true
autoApprovalEnabled:
type: boolean
description: 'If true and requester and reviewer are the same, then automatically approve the approval.'
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of Configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: If anyone can request access for anyone.
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: If a manager can request access for his/her direct reports.
example: true
approvalReminderAndEscalationConfig:
description: Approval Reminder and Escalation Configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement Request Configuration.
type: object
properties:
allowEntitlementRequest:
type: boolean
description: Flag for allowing entitlement request.
example: true
requestCommentsRequired:
type: boolean
description: Flag for requiring comments while submitting an entitlement request.
default: false
example: false
deniedCommentsRequired:
type: boolean
description: Flag for requiring comments while rejecting an entitlement request.
default: false
example: false
grantRequestApprovalSchemes:
type: string
description: |
Approval schemes for granting entitlement request. This can be empty if no approval is needed.
Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}".
Multiple workgroups (governance groups) can be used.
default: sourceOwner
nullable: true
example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
responses:
'200':
description: Access Request Configuration Details.
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If true, then approvals must be processed by external system.'
example: true
autoApprovalEnabled:
type: boolean
description: 'If true and requester and reviewer are the same, then automatically approve the approval.'
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of Configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: If anyone can request access for anyone.
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: If a manager can request access for his/her direct reports.
example: true
approvalReminderAndEscalationConfig:
description: Approval Reminder and Escalation Configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement Request Configuration.
type: object
properties:
allowEntitlementRequest:
type: boolean
description: Flag for allowing entitlement request.
example: true
requestCommentsRequired:
type: boolean
description: Flag for requiring comments while submitting an entitlement request.
default: false
example: false
deniedCommentsRequired:
type: boolean
description: Flag for requiring comments while rejecting an entitlement request.
default: false
example: false
grantRequestApprovalSchemes:
type: string
description: |
Approval schemes for granting entitlement request. This can be empty if no approval is needed.
Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}".
Multiple workgroups (governance groups) can be used.
default: sourceOwner
nullable: true
example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-status:
get:
operationId: listAccessRequestStatus
security:
- UserContextAuth:
- 'idn:access-request-status:read'
tags:
- Access Requests
summary: Access Request Status
description: |-
The Access Request Status API returns a list of access request statuses based on the specified query parameters.
Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users.
parameters:
- in: query
name: requested-for
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: requested-by
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: regarding-identity
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
- in: query
name: assigned-to
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity which is the owner of the Identity Request Work Item. *me* indicates the current user.
required: false
- in: query
name: count
description: If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
required: false
schema:
type: boolean
default: false
example: false
- in: query
name: limit
description: Max number of results to return.
required: false
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
example: 100
- in: query
name: offset
description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
required: false
schema:
type: integer
format: int32
minimum: 0
example: 10
- in: query
name: filters
schema:
type: string
example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified, accountActivityItemId, name**
example: created
required: false
responses:
'200':
description: List of requested item status.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Human-readable display name of the item being requested.
example: AccessProfile1
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
- null
description: Type of requested object.
example: ACCESS_PROFILE
nullable: true
cancelledRequestDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment made by the owner when cancelling the associated request.
example: This request must be cancelled.
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
modified:
type: string
format: date-time
description: Date comment was added by the owner when cancelling the associated request.
example: '2019-12-20T09:17:12.192Z'
description: Provides additional details for a request that has been cancelled.
- nullable: true
errorMessages:
type: array
nullable: true
items:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'List of list of localized error messages, if any, encountered during the approval/provisioning process.'
state:
type: string
enum:
- EXECUTING
- REQUEST_COMPLETED
- CANCELLED
- TERMINATED
- PROVISIONING_VERIFICATION_PENDING
- REJECTED
- PROVISIONING_FAILED
- NOT_ALL_ITEMS_PROVISIONED
- ERROR
description: |-
Indicates the state of an access request:
* EXECUTING: The request is executing, which indicates the system is doing some processing.
* REQUEST_COMPLETED: Indicates the request has been completed.
* CANCELLED: The request was cancelled with no user input.
* TERMINATED: The request has been terminated before it was able to complete.
* PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.
* REJECTED: The request was rejected.
* PROVISIONING_FAILED: The request has failed to complete.
* NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.
* ERROR: An error occurred during request processing.
example: EXECUTING
approvalDetails:
type: array
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: false
originalOwner:
type: object
description: Identity of orginal approval owner.
properties:
type:
type: string
description: DTO type of original approval owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original approval owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original approval owner.
example: Michael Michaels
currentOwner:
allOf:
- type: object
description: Identity who reviewed the access item request.
properties:
type:
type: string
description: DTO type of identity who reviewed the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who reviewed the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who reviewed the access item request.
example: Allen Albertson
- nullable: true
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
nullable: true
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
scheme:
type: string
enum:
- APP_OWNER
- SOURCE_OWNER
- MANAGER
- ROLE_OWNER
- ACCESS_PROFILE_OWNER
- ENTITLEMENT_OWNER
- GOVERNANCE_GROUP
description: Describes the individual or group that is responsible for an approval step.
example: MANAGER
errorMessages:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, includes any error messages that were generated.'
nullable: true
comment:
type: string
description: 'Comment, if any, provided by the approver.'
example: I approve this request
nullable: true
removeDate:
type: string
description: The date the role or access profile is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
description: Approval details for each item.
manualWorkItemDetails:
type: array
nullable: true
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: true
originalOwner:
type: object
nullable: true
description: 'Identity of original work item owner, if the work item has been forwarded.'
properties:
type:
type: string
description: DTO type of original work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original work item owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original work item owner.
example: Michael Michaels
currentOwner:
type: object
description: Identity of current work item owner.
nullable: true
properties:
type:
type: string
description: DTO type of current work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of current work item owner's identity.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Display name of current work item owner.
example: Allen Albertson
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
forwardHistory:
type: array
nullable: true
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
description: Manual work items created for provisioning the item.
accountActivityItemId:
type: string
description: Id of associated account activity item.
example: 2c9180926cbfbddd016cbfc7c3b10010
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
nullable: true
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requesterComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- nullable: true
description: The requester's comment.
sodViolationContext:
allOf:
- description: An object referencing a completed SOD violation check
type: object
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
- nullable: true
description: The details of the SOD violations for the associated approval.
provisioningDetails:
allOf:
- type: object
properties:
orderedSubPhaseReferences:
type: string
description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.'
example: manualWorkItemDetails
description: Provides additional details about provisioning for this request.
- nullable: true
preApprovalTriggerDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment left for the pre-approval decision
example: Access is Approved
reviewer:
type: string
description: The reviewer of the pre-approval decision
example: John Doe
decision:
type: string
enum:
- APPROVED
- REJECTED
description: The decision of the pre-approval trigger
example: APPROVED
description: Provides additional details about the pre-approval trigger for this request.
- nullable: true
accessRequestPhases:
type: array
items:
type: object
properties:
started:
type: string
description: The time that this phase started.
format: date-time
example: '2020-07-11T00:00:00Z'
finished:
type: string
description: The time that this phase finished.
format: date-time
example: '2020-07-12T00:00:00Z'
nullable: true
name:
type: string
description: The name of this phase.
example: APPROVAL_PHASE
state:
type: string
enum:
- PENDING
- EXECUTING
- COMPLETED
- CANCELLED
- NOT_EXECUTED
description: The state of this phase.
example: COMPLETED
result:
type: string
enum:
- SUCCESSFUL
- FAILED
- null
description: The state of this phase.
example: SUCCESSFUL
nullable: true
phaseReference:
type: string
description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.'
example: approvalDetails
nullable: true
description: Provides additional details about this access request phase.
description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.'
nullable: true
description:
type: string
description: Description associated to the requested object.
example: This is the Engineering role that engineers are granted.
nullable: true
removeDate:
type: string
format: date-time
nullable: true
description: When the role access is scheduled for removal.
example: '2019-10-23T00:00:00.000Z'
cancelable:
type: boolean
default: false
description: True if the request can be canceled.
example: true
accessRequestId:
type: string
description: This is the account activity id.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
key1: value1
key2: value2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/pending:
get:
operationId: listPendingApprovals
summary: Pending Access Request Approvals List
tags:
- Access Request Approvals
description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.
parameters:
- in: query
name: owner-id
schema:
type: string
description: |-
If present, the value returns only pending approvals for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
* Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.
example: 2c91808568c529c60168cca6f90c1313
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**requestedFor.id**: *eq, in*
**modified**: *gt, lt, ge, le, eq, in*
example: id eq "2c91808568c529c60168cca6f90c1313"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
example: modified
responses:
'200':
description: List of Pending Approvals.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The approval id.
example: id12345
name:
type: string
description: The name of the approval.
example: aName
created:
type: string
format: date-time
description: When the approval was created.
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: When the approval was modified last time.
example: '2018-07-25T20:22:28.104Z'
requestCreated:
type: string
format: date-time
description: When the access-request was created.
example: '2017-07-11T18:45:35.098Z'
requestType:
description: If the access-request was for granting or revoking access.
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
example: GRANT_ACCESS
nullable: true
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
owner:
type: object
description: Access item owner's identity.
properties:
type:
type: string
description: Access item owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Access item owner's human-readable display name.
example: Support
requestedObject:
description: The requested access item.
type: object
properties:
id:
type: string
description: Id of the object.
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Name of the object.
example: Applied Research Access
description:
type: string
description: Description of the object.
example: 'Access to research information, lab results, and schematics'
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Type of the object.
example: ROLE
requesterComment:
description: The requester's comment.
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
previousReviewersComments:
type: array
items:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
description: The history of the previous reviewers comments.
forwardHistory:
type: array
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
commentRequiredWhenRejected:
type: boolean
default: false
description: When true the rejector has to provide comments when rejecting
example: true
actionInProcess:
description: 'Action that is performed on this approval, and system has not finished performing that action yet.'
type: string
enum:
- APPROVED
- REJECTED
- FORWARDED
example: APPROVED
removeDate:
type: string
description: The date the role or access profile is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
removeDateUpdateRequested:
type: boolean
default: false
description: 'If true, then the request is to change the remove date or sunset date.'
example: true
currentRemoveDate:
type: string
description: The remove date or sunset date that was assigned at the time of the request.
format: date-time
example: '2020-07-11T00:00:00Z'
sodViolationContext:
description: The details of the SOD violations for the associated approval.
type: object
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/completed:
get:
operationId: listCompletedApprovals
summary: Completed Access Request Approvals List
tags:
- Access Request Approvals
description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info.
parameters:
- in: query
name: owner-id
required: false
schema:
type: string
description: |-
If present, the value returns only completed approvals for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN users can also fetch all the approvals in the org, when
owner-id is not used.
* Non-ORG_ADMIN users can only specify *me* or pass their own
identity ID value.
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**requestedFor.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**modified**: *gt, lt, ge, le, eq, in, ne, sw*
example: id eq "2c91808568c529c60168cca6f90c1313"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
example: modified
responses:
'200':
description: List of Completed Approvals.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The approval id.
example: id12345
name:
type: string
description: The name of the approval.
example: aName
created:
type: string
format: date-time
description: When the approval was created.
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: When the approval was modified last time.
example: '2018-07-25T20:22:28.104Z'
requestCreated:
type: string
format: date-time
description: When the access-request was created.
example: '2017-07-11T18:45:35.098Z'
requestType:
description: If the access-request was for granting or revoking access.
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
example: GRANT_ACCESS
nullable: true
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
reviewedBy:
type: object
description: Identity who reviewed the access item request.
properties:
type:
type: string
description: DTO type of identity who reviewed the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who reviewed the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who reviewed the access item request.
example: Allen Albertson
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
requestedObject:
description: The requested access item.
type: object
properties:
id:
type: string
description: Id of the object.
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Name of the object.
example: Applied Research Access
description:
type: string
description: Description of the object.
example: 'Access to research information, lab results, and schematics'
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Type of the object.
example: ROLE
requesterComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- description: The requester's comment.
reviewerComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- description: The approval's reviewer's comment.
nullable: true
previousReviewersComments:
type: array
items:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
description: The history of the previous reviewers comments.
forwardHistory:
type: array
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
commentRequiredWhenRejected:
type: boolean
default: false
description: When true the rejector has to provide comments when rejecting
example: true
state:
description: The final state of the approval
type: string
enum:
- APPROVED
- REJECTED
example: APPROVED
removeDate:
type: string
description: The date the role or access profile is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
removeDateUpdateRequested:
type: boolean
default: false
description: 'If true, then the request was to change the remove date or sunset date.'
example: true
currentRemoveDate:
type: string
description: The remove date or sunset date that was assigned at the time of the request.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
sodViolationContext:
description: The details of the SOD violations for the associated approval.
type: object
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
preApprovalTriggerResult:
nullable: true
type: object
description: 'If the access request submitted event trigger is configured and this access request was intercepted by it, then this is the result of the trigger''s decision to either approve or deny the request.'
properties:
comment:
type: string
description: The comment from the trigger
example: This request was autoapproved by our automated ETS subscriber
decision:
description: The approval decision of the trigger
type: string
enum:
- APPROVED
- REJECTED
example: APPROVED
reviewer:
type: string
description: The name of the approver
example: Automated AR Approval
date:
type: string
format: date-time
example: '2022-06-07T19:18:40.748Z'
description: The date and time the trigger decided on the request
clientMetadata:
type: object
additionalProperties:
type: string
description: Arbitrary key-value pairs provided during the request.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAccounts:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/approve':
post:
operationId: approveAccessRequest
summary: Approves an access request approval.
tags:
- Access Request Approvals
description: This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
description: The id of the approval.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Reviewer's comment.
required: false
content:
application/json:
schema:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/reject':
post:
operationId: rejectAccessRequest
summary: Rejects an access request approval.
tags:
- Access Request Approvals
description: This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
description: The id of the approval.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Reviewer's comment.
required: false
content:
application/json:
schema:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/forward':
post:
operationId: forwardAccessRequest
summary: Forwards an access request approval.
tags:
- Access Request Approvals
description: This endpoint forwards an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
description: The id of the approval.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Information about the forwarded approval.
required: true
content:
application/json:
schema:
type: object
required:
- newOwnerId
- comment
properties:
newOwnerId:
type: string
description: The Id of the new owner
example: 2c91808568c529c60168cca6f90c1314
minLength: 1
maxLength: 255
comment:
type: string
description: The comment provided by the forwarder
example: 2c91808568c529c60168cca6f90c1313
minLength: 1
maxLength: 255
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/approval-summary:
get:
operationId: getAccessRequestApprovalSummary
security:
- UserContextAuth:
- 'idn:access-request-approvals-summary:read'
summary: Get the number of access-requests-approvals
tags:
- Access Request Approvals
description: 'This endpoint returns the number of pending, approved and rejected access requests approvals. See "owner-id" query parameter below for authorization info.'
parameters:
- in: query
name: owner-id
schema:
type: string
description: |-
The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN user can also fetch all the approvals in the org, when
owner-id is not used.
* Non ORG_ADMIN users can only specify *me* or pass their own
identity ID value.
example: 2c91808568c529c60168cca6f90c1313
required: false
- in: query
name: from-date
schema:
type: string
description: From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format
example: 'from-date=2020-03-19T19:59:11Z'
required: false
responses:
'200':
description: 'Number of pending, approved, rejected access request approvals.'
content:
application/json:
schema:
type: object
properties:
pending:
type: integer
description: The number of pending access requests approvals.
format: int32
example: 0
approved:
type: integer
description: The number of approved access requests approvals.
format: int32
example: 0
rejected:
type: integer
description: The number of rejected access requests approvals.
format: int32
example: 0
'400':
description: Client Error - Returned if the query parameter is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/accounts:
get:
operationId: listAccounts
tags:
- Accounts
summary: Accounts List
description: |-
This returns a list of accounts.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: identityId eq "2c9180858082150f0180893dbaf44201"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**identityId**: *eq, in, sw*
**name**: *eq, in, sw*
**nativeIdentity**: *eq, in, sw*
**sourceId**: *eq, in, sw*
**uncorrelated**: *eq*
**entitlements**: *eq*
**identity.name**: *eq, in, sw*
**identity.correlated**: *eq*
**identity.identityState**: *eq, in*
**source.displayableName**: *eq, in*
**source.authoritative**: *eq*
**source.connectionType**: *eq, in*
required: false
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, identity.id, nativeIdentity, uuid, manuallyCorrelated, entitlements, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType**
responses:
'200':
description: List of account objects
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: slpt.support
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
sourceOwner:
description: The owner of the source this account belongs to
example:
id: 4c5c8534e99445de98eef6c75e25eb01
type: IDENTITY
name: SailPoint Support
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createAccount
tags:
- Accounts
summary: Create Account
description: |-
This API submits an account creation task and returns the task ID.
You must include the `sourceId` where the account will be created in the `attributes` object.
This endpoint creates an account on the source record in your ISC tenant. This is useful for Flat File (`DelimitedFile`) type sources because it allows you to aggregate new accounts without needing to import a new CSV file every time.
However, if you use this endpoint to create an account for a Direct Connection type source, you must ensure that the account also exists on the target source. The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
required:
- sourceId
properties:
sourceId:
type: string
description: Target source to create an account
example: 34bfcbe116c9407464af37acbaf7a4dc
additionalProperties:
type: string
example:
sourceId: 34bfcbe116c9407464af37acbaf7a4dc
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}':
get:
operationId: getAccount
tags:
- Accounts
summary: Account Details
description: |-
Use this API to return the details for a single account by its ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Account object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: slpt.support
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
sourceOwner:
description: The owner of the source this account belongs to
example:
id: 4c5c8534e99445de98eef6c75e25eb01
type: IDENTITY
name: SailPoint Support
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateAccount
tags:
- Accounts
summary: Update Account
description: |-
This updates account details. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
This endpoint supports updating an account's correlation. It can only modify the identityId and manuallyCorrelated attributes. To re-assign an account from one identity to another, replace the current identityId with a new value. If the account you're assigning was provisioned by IdentityNow, it's possible IdentityNow could create a new account for the previous identity as soon as the account is moved. If the account you're assigning is authoritative, this will cause the previous identity to become uncorrelated and could even result in its deletion. All accounts that are are reassigned will be set to manuallyCorrelated: true.
security:
- UserContextAuth:
- 'idn:accounts:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /identityId
value: 2c9180845d1edece015d27a975983e21
responses:
'202':
description: Accepted. Update request accepted and is in progress.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putAccount
tags:
- Accounts
summary: Update Account
description: |-
Use this API to update an account with a PUT request.
This endpoint submits an account update task and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
>**NOTE: You can only use this PUT endpoint to update accounts from sources of the "DelimitedFile" type.**
security:
- UserContextAuth:
- 'idn:accounts:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
additionalProperties: true
example:
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
responses:
'202':
description: Async task details.
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteAccount
tags:
- Accounts
summary: Delete Account
description: |-
Use this API to delete an account.
This endpoint submits an account delete task and returns the task ID.
This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you [disable accounts](https://developer.sailpoint.com/idn/api/v3/disable-account) rather than delete them. This will also allow you to reenable the accounts in the future.
A token with ORG_ADMIN authority is required to call this API.
>**NOTE: You can only delete accounts from sources of the "DelimitedFile" type.**
security:
- UserContextAuth:
- 'idn:accounts:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Async task details.
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/entitlements':
get:
operationId: getAccountEntitlements
tags:
- Accounts
summary: Account Entitlements
description: |-
This API returns entitlements of the account.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An array of account entitlements
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
description: Entitlement object that represents entitlement
properties:
attribute:
description: Name of the entitlement attribute
type: string
example: authorizationType
value:
description: Raw value of the entitlement
type: string
example: 'CN=Users,dc=sailpoint,dc=com'
description:
description: Entitlment description
type: string
example: Active Directory DC
attributes:
description: Entitlement attributes
type: object
additionalProperties: true
example:
GroupType: Security
sAMAccountName: Buyer
sourceSchemaObjectType:
description: Schema objectType on the given application that maps to an Account Group
type: string
example: group
privileged:
description: Determines if this Entitlement is privileged.
type: boolean
example: false
cloudGoverned:
description: Determines if this Entitlement is goverened in the cloud.
type: boolean
example: false
source:
type: object
description: Source the entitlement belongs to.
properties:
type:
type: string
description: DTO type of source the entitlement belongs to.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source the entitlement belongs to.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source the entitlement belongs to.
example: HR Active Directory
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/reload':
post:
operationId: reloadAccount
tags:
- Accounts
summary: Reload Account
description: |-
This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/enable':
post:
operationId: enableAccount
tags:
- Accounts
summary: Enable Account
description: |-
This API submits a task to enable account and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/disable':
post:
operationId: disableAccount
tags:
- Accounts
summary: Disable Account
description: |-
This API submits a task to disable the account and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/unlock':
post:
operationId: unlockAccount
tags:
- Accounts
summary: Unlock Account
description: |-
This API submits a task to unlock an account and returns the task ID.
To use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:accounts-state:manage'
- 'idn:accounts-provisioning:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account unlock
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
unlockIDNAccount:
description: 'If set, the IDN account is unlocked after the workflow completes.'
type: boolean
example: false
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/account-activities:
get:
operationId: listAccountActivities
tags:
- Account Activities
summary: List Account Activities
description: This gets a collection of account activities that satisfy the given query parameters.
parameters:
- in: query
name: requested-for
schema:
type: string
description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: requested-by
schema:
type: string
description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: regarding-identity
schema:
type: string
description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**type**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**created**: *gt, lt, ge, le, eq, in, ne, isnull, sw*
**modified**: *gt, lt, ge, le, eq, in, ne, isnull, sw*
example: type eq "Identity Refresh"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **type, created, modified**
example: created
required: false
responses:
'200':
description: List of account activities
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the account activity
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: The name of the activity
example: 2c9180835d2e5168015d32f890ca1581
created:
description: When the activity was first created
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
description: When the activity was last modified
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
completed:
description: When the activity was completed
type: string
format: date-time
nullable: true
example: '2018-10-19T13:49:37.385Z'
completionStatus:
allOf:
- nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
- nullable: true
type:
nullable: true
type: string
example: appRequest
description: |
The type of action the activity performed. Please see the following list of types. This list may grow over time.
- CloudAutomated
- IdentityAttributeUpdate
- appRequest
- LifecycleStateChange
- AccountStateUpdate
- AccountAttributeUpdate
- CloudPasswordRequest
- Attribute Synchronization Refresh
- Certification
- Identity Refresh
- Lifecycle Change Refresh
[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
errors:
nullable: true
description: 'A list of error messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
nullable: true
description: 'A list of warning messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'Some warning, another warning'
items:
nullable: true
type: array
description: Individual actions performed as part of this account activity
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
allOf:
- type: string
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
- nullable: true
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
customKey1: custom value 1
customKey2: custom value 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/account-activities/{id}':
get:
operationId: getAccountActivity
tags:
- Account Activities
summary: Get an Account Activity
description: This gets a single account activity by its id.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account activity id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An account activity object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Id of the account activity
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: The name of the activity
example: 2c9180835d2e5168015d32f890ca1581
created:
description: When the activity was first created
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
description: When the activity was last modified
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
completed:
description: When the activity was completed
type: string
format: date-time
nullable: true
example: '2018-10-19T13:49:37.385Z'
completionStatus:
allOf:
- nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
- nullable: true
type:
nullable: true
type: string
example: appRequest
description: |
The type of action the activity performed. Please see the following list of types. This list may grow over time.
- CloudAutomated
- IdentityAttributeUpdate
- appRequest
- LifecycleStateChange
- AccountStateUpdate
- AccountAttributeUpdate
- CloudPasswordRequest
- Attribute Synchronization Refresh
- Certification
- Identity Refresh
- Lifecycle Change Refresh
[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
errors:
nullable: true
description: 'A list of error messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
nullable: true
description: 'A list of warning messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'Some warning, another warning'
items:
nullable: true
type: array
description: Individual actions performed as part of this account activity
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
allOf:
- type: string
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
- nullable: true
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
customKey1: custom value 1
customKey2: custom value 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/auth-org/network-config:
get:
operationId: getAuthOrgNetworkConfig
tags:
- Global Tenant Security Settings
summary: Get security network configuration.
description: 'This API returns the details of an org''s network auth configuration. Requires security scope of: ''sp:auth-org:read'''
security:
- UserContextAuth:
- 'sp:auth-org:read'
responses:
'200':
description: Network configuration for the tenant's auth org.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createAuthOrgNetworkConfig
tags:
- Global Tenant Security Settings
summary: Create security network configuration.
description: 'This API returns the details of an org''s network auth configuration. Requires security scope of: ''sp:auth-org:create'''
security:
- UserContextAuth:
- 'sp:auth-org:create'
requestBody:
required: true
description: |-
Network configuration creation request body. The following constraints ensure the request body conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
responses:
'200':
description: Network configuration for the tenant.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchAuthOrgNetworkConfig
tags:
- Global Tenant Security Settings
summary: Update security network configuration.
description: |-
This API updates an existing network configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update'
security:
- UserContextAuth:
- 'sp:auth-org:update'
requestBody:
required: true
description: |-
A list of auth org network configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Network Config conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /whitelisted
value: 'false,'
- op: add
path: /geolocation
value:
- AF
- HN
- ES
responses:
'200':
description: Updated Auth Org network configuration.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/auth-users/{id}':
get:
operationId: getAuthUser
tags:
- Auth Users
summary: Auth User Details
description: Return the specified user's authentication system details.
parameters:
- in: path
name: id
description: Identity ID
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
security:
- UserContextAuth:
- 'sp:auth-user:read'
responses:
'200':
description: The specified user's authentication system details.
content:
application/json:
schema:
type: object
properties:
tenant:
type: string
description: Tenant name.
example: test-tenant
id:
type: string
description: Identity ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
uid:
type: string
description: Identity's unique identitifier.
example: will.smith
profile:
type: string
description: ID of the auth profile associated with the auth user.
example: 2c91808458ae7a4f0158b1bbf8af0756
identificationNumber:
type: string
description: Auth user's employee number.
example: 19-5588452
email:
type: string
description: Auth user's email.
example: william.smith@example.com
phone:
type: string
description: Auth user's phone number.
example: '5555555555'
workPhone:
type: string
description: Auth user's work phone number.
example: '5555555555'
personalEmail:
type: string
description: Auth user's personal email.
example: william.smith@example.com
firstname:
type: string
description: Auth user's first name.
example: Will
lastname:
type: string
description: Auth user's last name.
example: Smith
displayName:
type: string
description: Auth user's name in displayed format.
example: Will Smith
alias:
type: string
description: Auth user's alias.
example: will.smith
lastPasswordChangeDate:
type: string
description: Date of last password change.
example: '2021-03-08T22:37:33.901Z'
lastLoginTimestamp:
description: Timestamp of the last login (long type value).
type: integer
format: int64
example: 1656327185832
currentLoginTimestamp:
description: Timestamp of the current login (long type value).
type: integer
format: int64
example: 1656327185832
capabilities:
description: Array of the auth user's capabilities.
type: array
items:
type: string
enum:
- CERT_ADMIN
- CLOUD_GOV_ADMIN
- CLOUD_GOV_USER
- HELPDESK
- ORG_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SAAS_MANAGEMENT_ADMIN
- SAAS_MANAGEMENT_READER
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- 'das:ui-administrator'
- 'das:ui-compliance_manager'
- 'das:ui-auditor'
- 'das:ui-data-scope'
- 'sp:aic-dashboard-read'
- 'sp:aic-dashboard-write'
- 'sp:ui-config-hub-admin'
- 'sp:ui-config-hub-backup-admin'
- 'sp:ui-config-hub-read'
example: ORG_ADMIN
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchAuthUser
tags:
- Auth Users
summary: Auth User Update
description: |-
Use a PATCH request to update an existing user in the authentication system.
Use this endpoint to modify these fields:
* `capabilities`
A '400.1.1 Illegal update attempt' detail code indicates that you attempted to PATCH a field that is not allowed.
security:
- UserContextAuth:
- 'sp:auth-user:update'
parameters:
- in: path
name: id
description: Identity ID
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: 'A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /capabilities
value:
- ORG_ADMIN
responses:
'200':
description: Auth user updated.
content:
application/json:
schema:
type: object
properties:
tenant:
type: string
description: Tenant name.
example: test-tenant
id:
type: string
description: Identity ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
uid:
type: string
description: Identity's unique identitifier.
example: will.smith
profile:
type: string
description: ID of the auth profile associated with the auth user.
example: 2c91808458ae7a4f0158b1bbf8af0756
identificationNumber:
type: string
description: Auth user's employee number.
example: 19-5588452
email:
type: string
description: Auth user's email.
example: william.smith@example.com
phone:
type: string
description: Auth user's phone number.
example: '5555555555'
workPhone:
type: string
description: Auth user's work phone number.
example: '5555555555'
personalEmail:
type: string
description: Auth user's personal email.
example: william.smith@example.com
firstname:
type: string
description: Auth user's first name.
example: Will
lastname:
type: string
description: Auth user's last name.
example: Smith
displayName:
type: string
description: Auth user's name in displayed format.
example: Will Smith
alias:
type: string
description: Auth user's alias.
example: will.smith
lastPasswordChangeDate:
type: string
description: Date of last password change.
example: '2021-03-08T22:37:33.901Z'
lastLoginTimestamp:
description: Timestamp of the last login (long type value).
type: integer
format: int64
example: 1656327185832
currentLoginTimestamp:
description: Timestamp of the current login (long type value).
type: integer
format: int64
example: 1656327185832
capabilities:
description: Array of the auth user's capabilities.
type: array
items:
type: string
enum:
- CERT_ADMIN
- CLOUD_GOV_ADMIN
- CLOUD_GOV_USER
- HELPDESK
- ORG_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SAAS_MANAGEMENT_ADMIN
- SAAS_MANAGEMENT_READER
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- 'das:ui-administrator'
- 'das:ui-compliance_manager'
- 'das:ui-auditor'
- 'das:ui-data-scope'
- 'sp:aic-dashboard-read'
- 'sp:aic-dashboard-write'
- 'sp:ui-config-hub-admin'
- 'sp:ui-config-hub-backup-admin'
- 'sp:ui-config-hub-read'
example: ORG_ADMIN
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/brandings:
get:
operationId: getBrandingList
tags:
- Branding
summary: List of branding items
description: |-
This API endpoint returns a list of branding items.
A token with API, ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth: []
responses:
'200':
description: A list of branding items.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createBrandingItem
tags:
- Branding
summary: Create a branding item
description: |-
This API endpoint creates a branding item.
A token with API, ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- name
- productName
properties:
name:
type: string
description: name of branding item
example: custom-branding-item
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
loginInformationalMessage:
type: string
description: login information message
example: ''
fileStandard:
type: string
format: binary
description: png file with logo
example: \x00\x00\x00\x02
security:
- UserContextAuth: []
responses:
'201':
description: Branding item created
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/brandings/{name}':
get:
operationId: getBranding
tags:
- Branding
summary: Get a branding item
description: |-
This API endpoint retrieves information for an existing branding item by name.
A token with API, ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth: []
parameters:
- in: path
name: name
schema:
type: string
required: true
description: The name of the branding item to be retrieved
example: default
responses:
'200':
description: A branding item object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setBrandingItem
tags:
- Branding
summary: Update a branding item
description: |-
This API endpoint updates information for an existing branding item.
A token with API, ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: name
schema:
type: string
required: true
description: The name of the branding item to be retrieved
example: default
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- name
- productName
properties:
name:
type: string
description: name of branding item
example: custom-branding-item
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
loginInformationalMessage:
type: string
description: login information message
example: ''
fileStandard:
type: string
format: binary
description: png file with logo
example: \x00\x00\x00\x02
security:
- UserContextAuth: []
responses:
'200':
description: Branding item updated
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteBranding
tags:
- Branding
summary: Delete a branding item
description: |-
This API endpoint delete information for an existing branding item by name.
A token with API, ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth: []
parameters:
- in: path
name: name
schema:
type: string
required: true
description: The name of the branding item to be deleted
example: default
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns:
get:
operationId: getActiveCampaigns
tags:
- Certification Campaigns
summary: List Campaigns
description: Gets campaigns and returns them in a list. Can provide increased level of detail for each campaign if provided the correct query.
security:
- UserContextAuth:
- 'idn:campaign-list:read'
parameters:
- in: query
name: detail
schema:
type: string
enum:
- SLIM
- FULL
required: false
description: 'Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.'
example: FULL
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**status**: *eq, in*
example: name eq "Manager Campaign"
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created**
example: name
responses:
'200':
description: A list of campaign objects. By default list of SLIM campaigns is returned.
content:
application/json:
schema:
type: array
items:
oneOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Slim Campaign:
description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM
value:
- id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T19:00:27.731Z
totalCertifications: 10
completedCertifications: 3
alerts:
- level: ERROR
localizations:
- locale: en
localeOrigin: DEFAULT
text: Composite criterion must have children non-composite criterion must not.
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-07-25T15:42:18.276Z
totalCertifications: 5
completedCertifications: 3
alerts: null
- id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
created: 2022-07-27T17:04:19.027Z
totalCertifications: 7
completedCertifications: 3
alerts:
- level: WARN
localizations:
- locale: en
localeOrigin: DEFAULT
text: Composite criterion is in wrong format.
- id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T20:29:51.065Z
totalCertifications: 1
completedCertifications: 1
alerts: null
Full Campaign:
description: List of Campaigns that would result from specifying *detail* as FULL
value:
- id: 078696a575e045c68d6722ccdb9f101d
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ERROR
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-08-02T20:29:51.331Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Role Composition Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
- id: 1be8fc1103914bf0a4e14e316b6a7b7c
name: Manager Review
description: A review of everyone's access by their manager.
deadline: 2020-12-25T06:00:00.468Z
type: MANAGER
status: STAGED
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-08-02T19:00:34.391Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign for Identities
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-07-25T15:42:53.718Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: IDENTITY
description: Example of Search Campaign
reviewer:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: null
query: user
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: ad3cf3dd50394b1bad646de4bc51b999
name: Source Owner Campaign
description: Example for Source Owner Campaign
deadline: 2022-08-10T17:09:02.000Z
type: SOURCE_OWNER
status: ACTIVE
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
modified: 2022-07-27T17:09:13.925Z
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c91808781fd5aea01821200dc88318e
searchCampaignInfo: null
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createCampaign
tags:
- Certification Campaigns
summary: Create a campaign
description: Creates a new Certification Campaign with the information provided in the request body.
security:
- UserContextAuth:
- 'idn:campaign:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Manager:
value:
name: Manager Review
description: A review of everyone's access by their manager.
deadline: 2020-12-25T06:00:00.468Z
type: MANAGER
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
name: Search Campaign
description: Search Campaign
deadline: 2020-12-25T06:00:00.468Z
type: SEARCH
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
searchCampaignInfo:
type: ACCESS
query: user
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
name: Source Owner
description: Source Owner Info
deadline: 2020-12-25T06:00:00.468Z
type: SOURCE_OWNER
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
sourceOwnerCampaignInfo:
sourceIds:
- 612b31b1a0f04aaf83123bdb80e70db6
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Role Composition:
value:
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
roleIds:
- b15d609fc5c8434b865fe552315fda8f
mandatoryCommentRequirement: NO_DECISIONS
responses:
'200':
description: Indicates that the campaign requested was successfully created and returns its representation.
content:
application/json:
schema:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Manager:
value:
id: 5594f43b76804a6980ece5fdccf74be7
name: Manager Review
description: A review of everyone's access by their manager.
deadline: 2020-12-25T06:00:00.468Z
type: MANAGER
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T20:21:18.421Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: ec041831cb2147778b594feb9d8db44a
name: Search Campaign
description: Search Campaign
deadline: 2020-12-25T06:00:00.468Z
type: SEARCH
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-03T13:54:34.344Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: user
reviewer:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: null
query: user
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: fd7b76ba4ea042de8a9414aa12fc977a
name: Source Owner
description: Source Owner Info
deadline: 2020-12-25T06:00:00.468Z
type: SOURCE_OWNER
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-03T13:34:19.541Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
sourceIds:
- 612b31b1a0f04aaf83123bdb80e70db6
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Role Composition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: 2022-08-02T20:30:46.083Z
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Role Composition Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}':
get:
operationId: getCampaign
tags:
- Certification Campaigns
summary: Get a campaign
description: 'Retrieves information for an existing campaign using the campaign''s ID. Authorized callers must be a reviewer for this campaign, an ORG_ADMIN, or a CERT_ADMIN.'
security:
- UserContextAuth: []
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign to be retrieved
example: 2c91808571bcfcf80171c23e4b4221fc
responses:
'200':
description: A campaign object
content:
application/json:
schema:
type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
Manager:
value:
id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Search:
value:
id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Source Owner:
value:
id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
RoleComposition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateCampaign
tags:
- Certification Campaigns
summary: Update a Campaign
description: 'Allows updating individual fields on a campaign using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
security:
- UserContextAuth:
- 'idn:campaign:update'
- 'idn:campaign:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being modified.
example: 2c91808571bcfcf80171c23e4b4221fc
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The fields that can be patched differ based on the status of the campaign.
In the *STAGED* status, the following fields can be patched:
* name
* description
* recommendationsEnabled
* deadline
* emailNotificationEnabled
* autoRevokeAllowed
In the *ACTIVE* status, the following fields can be patched:
* deadline
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value: This field has been updated!
- op: copy
from: /name
path: /description
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the campaign''s new representation.'
content:
application/json:
schema:
type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
Manager:
value:
id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Search:
value:
id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: 2022-07-26T15:42:44.000Z
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Source Owner:
value:
id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
RoleComposition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: 2020-12-25T06:00:00.468Z
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/reassign':
post:
security:
- UserContextAuth:
- 'idn:certification:write'
operationId: move
tags:
- Certification Campaigns
summary: Reassign Certifications
description: This API reassigns the specified certifications from one identity to another. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification campaign ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
certificationIds:
description: List of certification IDs to reassign
type: array
items:
type: string
minItems: 1
maxItems: 250
example:
- af3859464779471211bb8424a563abc1
- af3859464779471211bb8424a563abc2
- af3859464779471211bb8424a563abc3
reassignTo:
type: object
properties:
id:
type: string
description: The identity ID to which the review is being assigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of the ID provided.
enum:
- IDENTITY
example: IDENTITY
reason:
type: string
description: Comment to explain why the certification was reassigned
example: reassigned for some reason
responses:
'202':
description: The reassign task that has been submitted.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
description: A list of errors that have been encountered by the task.
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
example:
id: 2c918086719eec070171a7e3355a360a
type: ADMIN_REASSIGN
targetType: CAMPAIGN
targetId: 2c918086719eec070171a7e3355a834c
status: QUEUED
errors: []
created: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/activate':
post:
operationId: startCampaign
tags:
- Certification Campaigns
summary: Activate a Campaign
description: |-
Submits a job to activate the campaign with the given Id. The campaign must be staged.
Requires roles of CERT_ADMIN and ORG_ADMIN
security:
- UserContextAuth:
- 'idn:campaign:update'
requestBody:
description: 'Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller''s timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.'
required: false
content:
application/json:
schema:
type: object
properties:
timeZone:
type: string
description: 'The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as ''Z'') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh.'
default: Z
example: '-05:00'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The campaign id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/complete':
post:
operationId: completeCampaign
tags:
- Certification Campaigns
summary: Complete a Campaign
description: |
:::caution
This endpoint will run successfully for any campaigns that are **past due**.
This endpoint will return a content error if the campaign is **not past due**.
:::
Completes a certification campaign. This is provided to admins so that they
can complete a certification even if all items have not been completed.
Requires roles of CERT_ADMIN and ORG_ADMIN
security:
- UserContextAuth:
- 'idn:campaign:update'
requestBody:
description: 'Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE'
required: false
content:
application/json:
schema:
type: object
properties:
autoCompleteAction:
description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion.
type: string
enum:
- APPROVE
- REVOKE
default: APPROVE
example: REVOKE
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The campaign id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns/delete:
post:
operationId: deleteCampaigns
tags:
- Certification Campaigns
summary: Deletes Campaigns
description: Deletes campaigns whose Ids are specified in the provided list of campaign Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign:delete'
requestBody:
description: The ids of the campaigns to delete.
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: The ids of the campaigns to delete
type: array
items:
type: string
example:
- 2c9180887335cee10173490db1776c26
- 2c9180836a712436016a7125a90c0021
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/run-remediation-scan':
post:
operationId: startCampaignRemediationScan
tags:
- Certification Campaigns
summary: Run Campaign Remediation Scan
description: |-
Kicks off remediation scan task for a certification campaign.
Requires roles of CERT_ADMIN and ORG_ADMIN
security:
- UserContextAuth:
- 'idn:campaign-report:run'
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: The ID of the campaign for which remediation scan is being run.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/reports':
get:
operationId: getCampaignReports
tags:
- Certification Campaigns
summary: Get Campaign Reports
description: |-
Fetches all reports for a certification campaign by campaign ID.
Requires roles of CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN
security:
- UserContextAuth:
- 'idn:campaign-report:read'
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: The ID of the campaign for which reports are being fetched.
responses:
'200':
description: Array of campaign report objects.
content:
application/json:
schema:
type: array
items:
type: object
title: Campaign Report
required:
- reportType
allOf:
- allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
- type: object
properties:
reportType:
type: string
description: type of a Report
enum:
- CAMPAIGN_COMPOSITION_REPORT
- CAMPAIGN_REMEDIATION_STATUS_REPORT
- CAMPAIGN_STATUS_REPORT
- CERTIFICATION_SIGNOFF_REPORT
example: CAMPAIGN_COMPOSITION_REPORT
lastRunAt:
type: string
readOnly: true
format: date-time
description: The most recent date and time this report was run
example:
type: REPORT_RESULT
id: 2c91808568c529c60168cca6f90c1313
name: Campaign Composition Report
status: SUCCESS
reportType: CAMPAIGN_COMPOSITION_REPORT
lastRunAt: '2019-12-19T13:49:37.385Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/run-report/{type}':
post:
operationId: startCampaignReport
tags:
- Certification Campaigns
summary: Run Campaign Report
description: |-
Runs a report for a certification campaign.
Requires the following roles: CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-report:run'
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: The ID of the campaign for which report is being run.
- in: path
name: type
schema:
type: string
description: type of a Report
enum:
- CAMPAIGN_COMPOSITION_REPORT
- CAMPAIGN_REMEDIATION_STATUS_REPORT
- CAMPAIGN_STATUS_REPORT
- CERTIFICATION_SIGNOFF_REPORT
example: CAMPAIGN_COMPOSITION_REPORT
required: true
description: The type of the report to run.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns/reports-configuration:
get:
operationId: getCampaignReportsConfig
tags:
- Certification Campaigns
summary: Get Campaign Reports Configuration
description: |-
Fetches configuration for campaign reports. Currently it includes only one element - identity attributes defined as custom report columns.
Requires roles of CERT_ADMIN and ORG_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-reports-config:read'
responses:
'200':
description: Campaign Report Configuration
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setCampaignReportsConfig
tags:
- Certification Campaigns
summary: Set Campaign Reports Configuration
description: |-
Overwrites configuration for campaign reports.
Requires roles CERT_ADMIN and ORG_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-reports-config:write'
requestBody:
required: true
description: Campaign Report Configuration
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
responses:
'200':
description: The persisted Campaign Report Configuration
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaign-filters:
post:
operationId: createCampaignFilter
tags:
- Certification Campaign Filters
summary: Create a Campaign Filter
description: Create a campaign Filter based on filter details and criteria.
security:
- UserContextAuth:
- 'idn:campaign-filter:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: Id of the campaign filter
example: e9f9a1397b842fd5a65842087040d3ac
name:
type: string
description: This is campaign filter's name.
example: Identity Attribute Campaign Filter
description:
type: string
description: This is campaign filter's description.
example: Campaign filter to certify data based on specified property of Identity Attribute.
owner:
type: string
description: The owner of this filter. This field is automatically populated at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
description: 'The mode/type of Filter, where it is of INCLUSION or EXCLUSION type. INCLUSION type will include the data in generated campaign as per specified in criteria, whereas EXCLUSION type will exclude the the data in generated campaign as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
allOf:
- type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
- nullable: true
property:
type: string
description: The specified key from the Type of criteria.
example: displayName
nullable: true
value:
type: string
description: The value for the specified key from the Type of Criteria
example: Allie
nullable: true
required:
- type
- property
- value
- operation
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
required:
- name
- description
- owner
- mode
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: Id of the campaign filter
example: e9f9a1397b842fd5a65842087040d3ac
name:
type: string
description: This is campaign filter's name.
example: Identity Attribute Campaign Filter
description:
type: string
description: This is campaign filter's description.
example: Campaign filter to certify data based on specified property of Identity Attribute.
owner:
type: string
description: The owner of this filter. This field is automatically populated at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
description: 'The mode/type of Filter, where it is of INCLUSION or EXCLUSION type. INCLUSION type will include the data in generated campaign as per specified in criteria, whereas EXCLUSION type will exclude the the data in generated campaign as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
allOf:
- type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
- nullable: true
property:
type: string
description: The specified key from the Type of criteria.
example: displayName
nullable: true
value:
type: string
description: The value for the specified key from the Type of Criteria
example: Allie
nullable: true
required:
- type
- property
- value
- operation
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
required:
- name
- description
- owner
- mode
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listCampaignFilters
tags:
- Certification Campaign Filters
summary: List Campaign Filters
description: |-
Lists all Campaign Filters. Scope can be reduced via standard V3 query params.
All Campaign Filters matching the query params
security:
- UserContextAuth:
- 'idn:campaign-filter-list:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: start
description: 'Start/Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.'
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: includeSystemFilters
description: 'If true, include system filters in the count and results, exclude them otherwise. If not provided any value for it then by default it is true.'
required: false
example: true
schema:
type: boolean
default: true
responses:
'200':
description: List of campaign filter objects
content:
application/json:
schema:
type: object
properties:
items:
type: array
description: The list of campaign filters
items:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: Id of the campaign filter
example: e9f9a1397b842fd5a65842087040d3ac
name:
type: string
description: This is campaign filter's name.
example: Identity Attribute Campaign Filter
description:
type: string
description: This is campaign filter's description.
example: Campaign filter to certify data based on specified property of Identity Attribute.
owner:
type: string
description: The owner of this filter. This field is automatically populated at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
description: 'The mode/type of Filter, where it is of INCLUSION or EXCLUSION type. INCLUSION type will include the data in generated campaign as per specified in criteria, whereas EXCLUSION type will exclude the the data in generated campaign as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
allOf:
- type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
- nullable: true
property:
type: string
description: The specified key from the Type of criteria.
example: displayName
nullable: true
value:
type: string
description: The value for the specified key from the Type of Criteria
example: Allie
nullable: true
required:
- type
- property
- value
- operation
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
required:
- name
- description
- owner
- mode
count:
type: integer
description: The number of filters returned
example: 2
example:
items:
- id: 5b8a2ba86393dd174495c4436dd76b25
name: IdentityAttribute Inclusion Campaign Filter
description: IdentityAttribute Inclusion Campaign Filter
owner: SailPoint Support
mode: INCLUSION
criteriaList:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: '#'
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter: false
- id: e9f9a1397b842fd5a65842087040d3ac
name: Exclusion Campaign Filter
description: Campaign filter for Exclusion update
owner: SailPoint Support
mode: EXCLUSION
criteriaList:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: '#@'
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter: false
count: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-filters/{id}':
get:
operationId: getCampaignFilterById
tags:
- Certification Campaign Filters
summary: Get Campaign Filter by ID
description: Retrieves information for an existing campaign filter using the filter's ID.
security:
- UserContextAuth:
- 'idn:campaign-filter:read'
parameters:
- in: path
name: filterId
schema:
type: string
example: e9f9a1397b842fd5a65842087040d3ac
required: true
description: The ID of the campaign filter to be retrieved.
responses:
'200':
description: A campaign filter object.
content:
application/json:
schema:
type: array
items:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: Id of the campaign filter
example: e9f9a1397b842fd5a65842087040d3ac
name:
type: string
description: This is campaign filter's name.
example: Identity Attribute Campaign Filter
description:
type: string
description: This is campaign filter's description.
example: Campaign filter to certify data based on specified property of Identity Attribute.
owner:
type: string
description: The owner of this filter. This field is automatically populated at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
description: 'The mode/type of Filter, where it is of INCLUSION or EXCLUSION type. INCLUSION type will include the data in generated campaign as per specified in criteria, whereas EXCLUSION type will exclude the the data in generated campaign as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
allOf:
- type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
- nullable: true
property:
type: string
description: The specified key from the Type of criteria.
example: displayName
nullable: true
value:
type: string
description: The value for the specified key from the Type of Criteria
example: Allie
nullable: true
required:
- type
- property
- value
- operation
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
required:
- name
- description
- owner
- mode
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: updateCampaignFilter
tags:
- Certification Campaign Filters
summary: Updates a Campaign Filter
description: Updates an existing campaign filter using the filter's ID.
security:
- UserContextAuth:
- 'idn:campaign-filter:update'
parameters:
- in: path
name: filterId
schema:
type: string
example: e9f9a1397b842fd5a65842087040d3ac
required: true
description: The ID of the campaign filter being modified.
requestBody:
required: true
description: A campaign filter details with updated field values.
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: Id of the campaign filter
example: e9f9a1397b842fd5a65842087040d3ac
name:
type: string
description: This is campaign filter's name.
example: Identity Attribute Campaign Filter
description:
type: string
description: This is campaign filter's description.
example: Campaign filter to certify data based on specified property of Identity Attribute.
owner:
type: string
description: The owner of this filter. This field is automatically populated at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
description: 'The mode/type of Filter, where it is of INCLUSION or EXCLUSION type. INCLUSION type will include the data in generated campaign as per specified in criteria, whereas EXCLUSION type will exclude the the data in generated campaign as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
allOf:
- type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
- nullable: true
property:
type: string
description: The specified key from the Type of criteria.
example: displayName
nullable: true
value:
type: string
description: The value for the specified key from the Type of Criteria
example: Allie
nullable: true
required:
- type
- property
- value
- operation
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
required:
- name
- description
- owner
- mode
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: Id of the campaign filter
example: e9f9a1397b842fd5a65842087040d3ac
name:
type: string
description: This is campaign filter's name.
example: Identity Attribute Campaign Filter
description:
type: string
description: This is campaign filter's description.
example: Campaign filter to certify data based on specified property of Identity Attribute.
owner:
type: string
description: The owner of this filter. This field is automatically populated at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
description: 'The mode/type of Filter, where it is of INCLUSION or EXCLUSION type. INCLUSION type will include the data in generated campaign as per specified in criteria, whereas EXCLUSION type will exclude the the data in generated campaign as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
allOf:
- type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
- nullable: true
property:
type: string
description: The specified key from the Type of criteria.
example: displayName
nullable: true
value:
type: string
description: The value for the specified key from the Type of Criteria
example: Allie
nullable: true
required:
- type
- property
- value
- operation
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
required:
- name
- description
- owner
- mode
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaign-filters/delete:
post:
operationId: deleteCampaignFilters
tags:
- Certification Campaign Filters
summary: Deletes Campaign Filters
description: Deletes campaign filters whose Ids are specified in the provided list of campaign filter Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN.
security:
- UserContextAuth:
- 'idn:campaign-filter:delete'
requestBody:
description: A json list of IDs of campaign filters to delete.
required: true
content:
application/json:
schema:
type: array
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
- 2efb374d392c4d88a34sv7b11e8a4eq6
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaign-templates:
post:
operationId: createCampaignTemplate
tags:
- Certification Campaigns
summary: Create a Campaign Template
description: Create a campaign Template based on campaign.
security:
- UserContextAuth:
- 'idn:campaign-template:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
description: 'This creates a template that can be used to generate manager campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Manager Review" (e.g. "2020-03-16 Manager Review").'
value:
name: Manager Review
description: A review of everyone's access by their manager.
deadlineDuration: P2W
campaign:
name: Manager Review
description: Review everyone's access.
type: MANAGER
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
Search:
description: This creates a template that can be used to generate search access campaigns. The campaigns will cover the "reporter" access item for across all identities.
value:
name: Reporting Access Review
description: A review of everyone's access to the reporting system.
deadlineDuration: P2W
campaign:
name: Search Review
description: Review everyone's access to the reporting system.
type: SEARCH
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
searchCampaignInfo:
type: ACCESS
query: '@access(name: ("reporter"))'
description: Identities with reporting abilities
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
description: 'This creates a template that can be used to generate source owner campaigns. The campaigns will have a due date that is one month after their creation date, and will review one source.'
value:
name: AD Source Review
description: A review of our AD source.
deadlineDuration: P1M
campaign:
name: Source Review
description: Review everyone's access.
type: SOURCE_OWNER
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
description: 'This creates a template that can be used to generate role composition campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Role Composition Review" (e.g. "2020-03-16 Role Composition Review").'
value:
name: Role Composition Review
description: 'A review of every role''s access items, by the specified reviewer.'
deadlineDuration: P2W
campaign:
name: Role Composition Review
description: Review all our roles.
type: ROLE_COMPOSITION
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 2c9180876ab2c053016ab6f65dfd5aaa
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listCampaignTemplates
tags:
- Certification Campaigns
summary: List Campaign Templates
description: |-
Lists all CampaignTemplates. Scope can be reduced via standard V3 query params.
All CampaignTemplates matching the query params
security:
- UserContextAuth:
- 'idn:campaign-template-list:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: name
- in: query
name: filters
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, ge, gt, in, le, lt, ne, sw*
**id**: *eq, ge, gt, in, le, lt, ne, sw*
example: name eq "manager template"
responses:
'200':
description: List of campaign template objects
content:
application/json:
schema:
type: array
items:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
example:
- id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}':
patch:
operationId: patchCampaignTemplate
tags:
- Certification Campaigns
summary: Update a Campaign Template
description: 'Allows updating individual fields on a campaign template using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
security:
- UserContextAuth:
- 'idn:campaign-template:update'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being modified.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* deadlineDuration
* campaign (all fields that are allowed during create)
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: Updated description!
- op: replace
path: /campaign/filter/id
value: ff80818155fe8c080155fe8d925b0316
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the template''s new representation.'
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getCampaignTemplate
tags:
- Certification Campaigns
summary: Get a Campaign Template
description: Fetches a campaign template by ID.
security:
- UserContextAuth:
- 'idn:campaign-template:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The desired campaign template's ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The data for the campaign matching the given ID.
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
description: 'This will hold campaign related information like name, description etc.'
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
name:
description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
type: string
example: Manager Campaign
description:
type: string
description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.'
example: Everyone needs to be reviewed by their manager
deadline:
type: string
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
filter:
type: object
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
query:
type: string
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
description: Optional configuration options for role composition campaigns.
properties:
reviewer:
type: object
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
sourcesWithOrphanEntitlements:
type: array
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: 2022-08-02T19:16:42.632Z
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: 2022-07-28T19:19:40.035Z
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: 2022-08-02T13:40:36.857Z
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: 2022-08-02T13:40:36.857Z
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCampaignTemplate
tags:
- Certification Campaigns
summary: Delete a Campaign Template
description: Deletes a campaign template by ID.
security:
- UserContextAuth:
- 'idn:campaign-template:delete'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being deleted.
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: The campaign template was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}/schedule':
get:
operationId: getCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Gets a Campaign Template's Schedule
description: Gets the schedule for a campaign template. Returns a 404 if there is no schedule set.
security:
- UserContextAuth:
- 'idn:campaign-template:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template whose schedule is being fetched.
example: 04bedce387bd47b2ae1f86eb0bb36dee
responses:
'200':
description: The current schedule for the campaign template. See the PUT endpoint documentation for more examples.
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.'
enum:
- WEEKLY
- MONTHLY
- ANNUALLY
- CALENDAR
example: WEEKLY
months:
type: object
description: |
Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:
On February and March:
* type LIST
* values "2", "3"
Every 3 months, starting in January (quarterly):
* type LIST
* values "1"
* interval 3
Every two months between July and December:
* type RANGE
* values "7", "12"
* interval 2
properties:
type:
type: string
description: Enum type to specify months value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the months based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
days:
type: object
description: |
Specifies which day(s) a schedule is active for. This is required for all schedule types.
The "values" field holds different data depending on the type of schedule:
* WEEKLY: days of the week (1-7)
* MONTHLY: days of the month (1-31, L, L-1...)
* ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31")
* CALENDAR: ISO-8601 dates ("2020-12-31")
Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided
with ISO-8601 dates without year.
Examples:
On Sundays:
* type LIST
* values "1"
The second to last day of the month:
* type LIST
* values "L-1"
From the 20th to the last day of the month:
* type RANGE
* values "20", "L"
Every March 2nd:
* type LIST
* values "--03-02"
On March 2nd, 2021:
* type: LIST
* values "2021-03-02"
properties:
type:
type: string
description: Enum type to specify days value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
hours:
type: object
description: |
Specifies which hour(s) a schedule is active for. Examples:
Every three hours starting from 8AM, inclusive:
* type LIST
* values "8"
* interval 3
During business hours:
* type RANGE
* values "9", "5"
At 5AM, noon, and 5PM:
* type LIST
* values "5", "12", "17"
properties:
type:
type: string
description: Enum type to specify hours value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
format: int64
example: 2
description: Interval between the cert generations
required:
- type
- values
expiration:
type: string
format: date-time
description: Specifies the time after which this schedule will no longer occur.
example: '2022-09-19 13:55:26'
timeZoneId:
type: string
description: 'The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.'
example: CST
required:
- type
- hours
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Sets a Campaign Template's Schedule
description: 'Sets the schedule for a campaign template. If a schedule already exists, it will be overwritten with the new one.'
security:
- UserContextAuth:
- 'idn:campaign-template:run'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being scheduled.
example: 04bedce387bd47b2ae1f86eb0bb36dee
requestBody:
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.'
enum:
- WEEKLY
- MONTHLY
- ANNUALLY
- CALENDAR
example: WEEKLY
months:
type: object
description: |
Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:
On February and March:
* type LIST
* values "2", "3"
Every 3 months, starting in January (quarterly):
* type LIST
* values "1"
* interval 3
Every two months between July and December:
* type RANGE
* values "7", "12"
* interval 2
properties:
type:
type: string
description: Enum type to specify months value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the months based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
days:
type: object
description: |
Specifies which day(s) a schedule is active for. This is required for all schedule types.
The "values" field holds different data depending on the type of schedule:
* WEEKLY: days of the week (1-7)
* MONTHLY: days of the month (1-31, L, L-1...)
* ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31")
* CALENDAR: ISO-8601 dates ("2020-12-31")
Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided
with ISO-8601 dates without year.
Examples:
On Sundays:
* type LIST
* values "1"
The second to last day of the month:
* type LIST
* values "L-1"
From the 20th to the last day of the month:
* type RANGE
* values "20", "L"
Every March 2nd:
* type LIST
* values "--03-02"
On March 2nd, 2021:
* type: LIST
* values "2021-03-02"
properties:
type:
type: string
description: Enum type to specify days value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
hours:
type: object
description: |
Specifies which hour(s) a schedule is active for. Examples:
Every three hours starting from 8AM, inclusive:
* type LIST
* values "8"
* interval 3
During business hours:
* type RANGE
* values "9", "5"
At 5AM, noon, and 5PM:
* type LIST
* values "5", "12", "17"
properties:
type:
type: string
description: Enum type to specify hours value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
format: int64
example: 2
description: Interval between the cert generations
required:
- type
- values
expiration:
type: string
format: date-time
description: Specifies the time after which this schedule will no longer occur.
example: '2022-09-19 13:55:26'
timeZoneId:
type: string
description: 'The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.'
example: CST
required:
- type
- hours
examples:
Monthly:
description: 'Runs on the 15th and last day of the month, at 5PM.'
value:
type: MONTHLY
hours:
type: LIST
values:
- '17'
days:
type: LIST
values:
- '15'
Once a year:
description: Runs every January 1st at midnight.
value:
type: ANNUALLY
hours:
type: LIST
values:
- '0'
days:
type: LIST
values:
- '--01-01'
Quarterly:
description: Runs once a quarter (every 3 months) on the first of the month at 1AM.
value:
type: ANNUALLY
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '1'
months:
type: LIST
values:
- '1'
interval: 3
Yearly on Specific Days:
description: 'Runs on March 12 and December 5 at 1AM, every year.'
value:
type: ANNUALLY
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '--03-12'
- '--12-05'
On a Specific Date:
description: 'Runs at 1AM on February 18th, 2020'
value:
type: CALENDAR
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '2020-02-18'
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Deletes a Campaign Template's Schedule
description: Deletes the schedule for a campaign template. Returns a 404 if there is no schedule set.
security:
- UserContextAuth:
- 'idn:campaign-template:run'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template whose schedule is being deleted.
example: 04bedce387bd47b2ae1f86eb0bb36dee
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}/generate':
post:
operationId: startGenerateCampaignTemplate
tags:
- Certification Campaigns
summary: Generate a Campaign from Template
security:
- UserContextAuth:
- 'idn:campaign-template:run'
description: |-
Generates a new campaign from a campaign template.
The campaign object contained in the template has special formatting applied to its name and description fields in order to determine the generated campaign's name/description. Placeholders in those fields are formatted with the current date and time upon generation.
Placeholders consist of a percent sign followed by a letter indicating what should be inserted; for example, "%Y" will insert the current year; a campaign template named "Campaign for %y" would generate a campaign called "Campaign for 2020" (assuming the year at generation time is 2020).
Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html).
Requires roles ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template to use for generation.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: 'Indicates a campaign was successfully generated from this template, and returns a reference to the new campaign.'
content:
application/json:
schema:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/certifications:
get:
operationId: listIdentityCertifications
tags:
- Certifications
summary: Identity Campaign Certifications by IDs
description: 'This API returns a list of identity campaign certifications that satisfy the given query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to Governance Groups.'
parameters:
- in: query
name: reviewer-identity
schema:
type: string
example: me
description: The ID of reviewer identity. *me* indicates the current user.
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**campaign.id**: *eq, in*
**phase**: *eq*
**completed**: *eq, ne*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'name,due'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, due, signed**
responses:
'200':
description: List of identity campaign certifications
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}':
get:
operationId: getIdentityCertification
tags:
- Certifications
summary: Identity Certification by ID
description: This API returns a single identity campaign certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An identity campaign certification object
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/access-review-items':
get:
operationId: listIdentityAccessReviewItems
tags:
- Certifications
summary: List of Access Review Items
description: This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
required: false
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**type**: *eq*
**access.type**: *eq*
**completed**: *eq, ne*
**identitySummary.id**: *eq, in*
**identitySummary.name**: *eq, sw*
**access.id**: *eq, in*
**access.name**: *eq, sw*
**entitlement.sourceName**: *eq, sw*
**accessProfile.sourceName**: *eq, sw*
example: id eq "ef38f94347e94562b5bb8424a56397d8"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'access.name,-accessProfile.sourceName'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**
- in: query
name: entitlements
required: false
schema:
type: string
example: identityEntitlement
description: |-
Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.
An error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.
- in: query
name: access-profiles
required: false
schema:
type: string
example: accessProfile1
description: |-
Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.
An error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.
- in: query
name: roles
required: false
schema:
type: string
example: userRole
description: |-
Filter results to view access review items that pertain to any of the specified comma-separated role IDs.
An error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.
responses:
'200':
description: A list of access review items
content:
application/json:
schema:
type: array
items:
type: object
properties:
accessSummary:
type: object
description: An object holding the access that is being reviewed
properties:
access:
type: object
properties:
type:
description: The type of item being certified
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: The ID of the item being certified
example: 2c9180867160846801719932c5153fb7
name:
type: string
description: The name of the item being certified
example: Entitlement for Company Database
entitlement:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
accessProfile:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
description: Owner of the Access Profile
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
role:
type: object
nullable: true
properties:
id:
type: string
description: The id for the Role
example: 2c91808a7190d06e0171993907fd0794
name:
type: string
description: The name of the Role
example: Accounting-Employees
description:
type: string
description: Information about the Role
example: Role for members of the accounting department with the necessary Access Profiles
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
revocable:
type: boolean
description: Indicates whether the Role can be revoked or requested
example: false
endDate:
type: string
format: date-time
description: The date when a user's access expires.
example: '2021-12-25T00:00:00.000Z'
accessProfiles:
type: array
description: The list of Access Profiles associated with this Role
items:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
description: Owner of the Access Profile
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
entitlements:
type: array
description: The list of entitlements associated with this Role
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
identitySummary:
type: object
properties:
id:
type: string
description: The ID of the identity summary
example: 2c91808772a504f50172a9540e501ba7
name:
type: string
description: Name of the linked identity
example: Alison Ferguso
identityId:
type: string
description: The ID of the identity being certified
example: 2c9180857182306001719937377a33de
completed:
type: boolean
description: Indicates whether the review items for the linked identity's certification have been completed
example: true
id:
type: string
description: The review item's id
example: ef38f94347e94562b5bb8424a56397d8
completed:
type: boolean
description: Whether the review item is complete
example: false
newAccess:
type: boolean
description: Indicates whether the review item is for new access to a source
example: false
decision:
type: string
description: The decision to approve or revoke the review item
enum:
- APPROVE
- REVOKE
example: APPROVE
comments:
nullable: true
type: string
description: Comments for this review item
example: This user still needs access to this source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/decide':
post:
operationId: makeIdentityDecision
tags:
- Certifications
summary: Decide on a Certification Item
description: The API makes a decision to approve or revoke one or more identity campaign certification items. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the identity campaign certification on which to make decisions
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: A non-empty array of decisions to be made.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The id of the review decision
example: ef38f94347e94562b5bb8424a56397d8
decision:
type: string
description: The decision to approve or revoke the review item
enum:
- APPROVE
- REVOKE
example: APPROVE
proposedEndDate:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions.
bulk:
type: boolean
description: Indicates whether decision should be marked as part of a larger bulk decision
example: true
recommendation:
nullable: true
type: object
properties:
recommendation:
type: string
description: The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made.
example: null
nullable: true
reasons:
type: array
items:
type: string
description: A list of reasons for the recommendation.
example:
- Reason 1
- Reason 2
timestamp:
type: string
format: date-time
description: The time at which the recommendation was recorded.
example: '2020-06-01T13:49:37.385Z'
comments:
type: string
description: Comments recorded when the decision was made
example: This user no longer needs access to this source
required:
- id
- decision
- bulk
minItems: 1
maxItems: 250
example:
- id: ef38f94347e94562b5bb8424a56396b5
decision: APPROVE
bulk: true
comments: This user still needs access to this source.
- id: ef38f94347e94562b5bb8424a56397d8
decision: APPROVE
bulk: true
comments: This user still needs access to this source too.
responses:
'200':
description: An identity campaign certification object
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reassign':
post:
operationId: reassignIdentityCertifications
tags:
- Certifications
summary: Reassign Identities or Items
description: This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
reassign:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
reassignTo:
type: string
description: The ID of the identity to which the certification is reassigned
example: ef38f94347e94562b5bb8424a56397d8
reason:
type: string
description: The reason comment for why the reassign was made
example: reassigned for some reason
required:
- reassign
- reassignTo
- reason
responses:
'200':
description: An identity campaign certification details after completing the reassignment.
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/sign-off':
post:
operationId: signOffIdentityCertification
tags:
- Certifications
summary: Finalize Identity Certification Decisions
description: This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An identity campaign certification object
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/decision-summary':
get:
operationId: getIdentityDecisionSummary
tags:
- Certification Summaries
summary: Summary of Certification Decisions
description: This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: filters
required: false
schema:
type: string
example: identitySummary.id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**identitySummary.id**: *eq, in*
responses:
'200':
description: Summary of the decisions made
content:
application/json:
schema:
type: object
properties:
entitlementDecisionsMade:
type: integer
description: Number of entitlement decisions that have been made
example: 3
format: int32
accessProfileDecisionsMade:
type: integer
description: Number of access profile decisions that have been made
example: 5
format: int32
roleDecisionsMade:
type: integer
description: Number of role decisions that have been made
example: 2
format: int32
accountDecisionsMade:
type: integer
description: Number of account decisions that have been made
example: 4
format: int32
entitlementDecisionsTotal:
type: integer
description: 'The total number of entitlement decisions on the certification, both complete and incomplete'
example: 6
format: int32
accessProfileDecisionsTotal:
type: integer
description: 'The total number of access profile decisions on the certification, both complete and incomplete'
example: 10
format: int32
roleDecisionsTotal:
type: integer
description: 'The total number of role decisions on the certification, both complete and incomplete'
example: 4
format: int32
accountDecisionsTotal:
type: integer
description: 'The total number of account decisions on the certification, both complete and incomplete'
example: 8
format: int32
entitlementsApproved:
type: integer
description: The number of entitlement decisions that have been made which were approved
example: 2
format: int32
entitlementsRevoked:
type: integer
description: The number of entitlement decisions that have been made which were revoked
example: 1
format: int32
accessProfilesApproved:
type: integer
description: The number of access profile decisions that have been made which were approved
example: 3
format: int32
accessProfilesRevoked:
type: integer
description: The number of access profile decisions that have been made which were revoked
example: 2
format: int32
rolesApproved:
type: integer
description: The number of role decisions that have been made which were approved
example: 2
format: int32
rolesRevoked:
type: integer
description: The number of role decisions that have been made which were revoked
example: 0
format: int32
accountsApproved:
type: integer
description: The number of account decisions that have been made which were approved
example: 1
format: int32
accountsRevoked:
type: integer
description: The number of account decisions that have been made which were revoked
example: 3
format: int32
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/identity-summaries':
get:
operationId: getIdentitySummaries
tags:
- Certification Summaries
summary: Identity Summaries for Campaign Certification
description: This API returns a list of the identity summaries for a specific identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**completed**: *eq, ne*
**name**: *eq, sw*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: name
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
responses:
'200':
description: List of identity summaries
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the identity summary
example: 2c91808772a504f50172a9540e501ba7
name:
type: string
description: Name of the linked identity
example: Alison Ferguso
identityId:
type: string
description: The ID of the identity being certified
example: 2c9180857182306001719937377a33de
completed:
type: boolean
description: Indicates whether the review items for the linked identity's certification have been completed
example: true
example:
- id: 2c91808772a504f50172a9540e501ba7
name: Aaron Grey
identityId: 2c9180857182306001719937379633e4
completed: false
- id: 2c91808772a504f50172a9540e501ba8
name: Aglae Wilson
identityId: 2c9180857182306001719937377a33de
completed: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/access-summaries/{type}':
get:
operationId: getIdentityAccessSummaries
tags:
- Certification Summaries
summary: Access Summaries
description: This API returns a list of access summaries for the specified identity campaign certification and type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
security:
- oauth2:
- 'idn:certification:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: type
schema:
type: string
enum:
- ROLE
- ACCESS_PROFILE
- ENTITLEMENT
required: true
description: The type of access review item to retrieve summaries for
example: ACCESS_PROFILE
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: access.id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**completed**: *eq, ne*
**access.id**: *eq, in*
**access.name**: *eq, sw*
**entitlement.sourceName**: *eq, sw*
**accessProfile.sourceName**: *eq, sw*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: access.name
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.name**
responses:
'200':
description: List of access summaries
content:
application/json:
schema:
type: array
items:
type: object
description: An object holding the access that is being reviewed
properties:
access:
type: object
properties:
type:
description: The type of item being certified
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: The ID of the item being certified
example: 2c9180867160846801719932c5153fb7
name:
type: string
description: The name of the item being certified
example: Entitlement for Company Database
entitlement:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
accessProfile:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
description: Owner of the Access Profile
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
role:
type: object
nullable: true
properties:
id:
type: string
description: The id for the Role
example: 2c91808a7190d06e0171993907fd0794
name:
type: string
description: The name of the Role
example: Accounting-Employees
description:
type: string
description: Information about the Role
example: Role for members of the accounting department with the necessary Access Profiles
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
revocable:
type: boolean
description: Indicates whether the Role can be revoked or requested
example: false
endDate:
type: string
format: date-time
description: The date when a user's access expires.
example: '2021-12-25T00:00:00.000Z'
accessProfiles:
type: array
description: The list of Access Profiles associated with this Role
items:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
description: Owner of the Access Profile
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
entitlements:
type: array
description: The list of entitlements associated with this Role
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
example:
- access:
type: ENTITLEMENT
id: 2c9180857182305e01719937429e2bad
name: CN=Engineering
entitlement:
id: 2c9180857182305e01719937429e2bad
name: CN=Engineering
description: Access to the engineering database
privileged: false
owner:
email: brandon.gray@acme-solar.com
type: IDENTITY
id: 2c9180867160846801719932c5153fb7
name: Brandon Gray
attributeName: memberOf
attributeValue: CN=Engineering
sourceName: ODS-AD-Source
hasPermissions: true
revocable: true
containsDataAccess: true
dataAccess:
policies:
- value: GDPR-1
- value: GDPR-2
categories:
- value: email-7
matchCount: 74
- value: email-9
matchCount: 30
impactScore:
value: Medium
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/identity-summaries/{identitySummaryId}':
get:
operationId: getIdentitySummary
tags:
- Certification Summaries
summary: Summary for Identity
description: This API returns the summary for an identity on a specified identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: identitySummaryId
schema:
type: string
required: true
description: The identity summary ID
example: 2c91808772a504f50172a9540e501ba8
responses:
'200':
description: An identity summary
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the identity summary
example: 2c91808772a504f50172a9540e501ba7
name:
type: string
description: Name of the linked identity
example: Alison Ferguso
identityId:
type: string
description: The ID of the identity being certified
example: 2c9180857182306001719937377a33de
completed:
type: boolean
description: Indicates whether the review items for the linked identity's certification have been completed
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{certificationId}/access-review-items/{itemId}/permissions':
get:
operationId: getIdentityCertificationItemPermissions
tags:
- Certifications
summary: Permissions for Entitlement Certification Item
description: This API returns the permissions associated with an entitlement certification item based on the certification item's ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
security:
- UserContextAuth:
- 'idn:certification:read'
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**target**: *eq, sw*
**rights**: *ca*
Supported composite operators: *and, or*
All field values (second filter operands) are case-insensitive for this API.
Only a single *and* or *or* composite filter operator may be used. It must also be used between a target filter and a rights filter, not between 2 filters for the same field.
For example, the following is valid: `?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22`
The following is invalid: 1?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)1
example: target eq "SYS.OBJAUTH2"
- in: path
name: certificationId
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: itemId
schema:
type: string
required: true
description: The certification item ID
example: 2c91808671bcbab40171bd945d961227
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of permissions associated with the given itemId
content:
application/json:
schema:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reviewers':
get:
operationId: listCertificationReviewers
tags:
- Certifications
summary: List of Reviewers for certification
description: This API returns a list of reviewers for the certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
security:
- UserContextAuth:
- 'idn:certification:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**email**: *eq, sw*
example: name eq "Bob"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, email**
example: name
responses:
'200':
description: A list of reviewers
content:
application/json:
schema:
type: array
items:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reassign-async':
post:
operationId: submitReassignCertsAsync
tags:
- Certifications
summary: Reassign Certifications Asynchronously
description: This API initiates a task to reassign up to 500 identities or items in an identity campaign certification to another reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is complete. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
security:
- UserContextAuth:
- 'idn:certification:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
reassign:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
reassignTo:
type: string
description: The ID of the identity to which the certification is reassigned
example: ef38f94347e94562b5bb8424a56397d8
reason:
type: string
description: The reason comment for why the reassign was made
example: reassigned for some reason
required:
- reassign
- reassignTo
- reason
responses:
'200':
description: A certification task object for the reassignment which can be queried for status.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
description: A list of errors that have been encountered by the task.
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certification-tasks/{id}':
get:
operationId: getCertificationTask
tags:
- Certifications
summary: Certification Task by ID
description: This API returns the certification task for the specified ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for the specified certification can also call this API.
security:
- UserContextAuth:
- 'idn:certification:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The task ID
example: 63b32151-26c0-42f4-9299-8898dc1c9daa
responses:
'200':
description: A certification task
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
description: A list of errors that have been encountered by the task.
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/certification-tasks:
get:
operationId: getPendingCertificationTasks
tags:
- Certifications
summary: List of Pending Certification Tasks
description: 'This API returns a list of pending (`QUEUED` or `IN_PROGRESS`) certification tasks. Any authenticated token can call this API, but only certification tasks you are authorized to review will be returned.'
security:
- UserContextAuth:
- 'idn:certification:read'
parameters:
- in: query
name: reviewer-identity
schema:
type: string
example: Ada.1de82e55078344
description: The ID of reviewer identity. *me* indicates the current user.
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: type eq "ADMIN_REASSIGN"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**targetId**: *eq, in*
**type**: *eq, in*
responses:
'200':
description: A list of pending certification tasks
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
description: A list of errors that have been encountered by the task.
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}':
get:
operationId: getObjectMappings
security:
- UserContextAuth:
- 'sp:config-object-mapping:read'
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Gets list of object mappings
description: |-
This gets a list of existing object mappings between current org and source org.
The request will need the following security scope:
- sp:config-object-mapping:read
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
responses:
'200':
description: List of existing object mappings between current org and source org.
content:
application/json:
schema:
type: array
items:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: 2024-03-19T23:18:53.732Z
modified:
type: string
description: Object mapping latest update timestamp
example: 2024-03-19T23:18:53.732Z
example:
- objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType: GOVERNANCE_GROUP
jsonPath: $.description
sourceValue: Sample Governance Group
targetValue: Sample Governance Group - Updated
enabled: true
created: '2024-03-19T23:18:53.732Z'
modified: '2024-03-19T23:18:53.732Z'
- objectMappingId: e1d5cb80-65e2-4f92-ae2e-9588f61cc4cd
objectType: IDENTITY
jsonPath: $.name
sourceValue: SailPoint Support
targetValue: john.doe
enabled: false
created: '2024-03-19T23:18:06.238Z'
modified: '2024-03-19T23:18:06.238Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createObjectMapping
security:
- UserContextAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Creates an object mapping
description: |-
This creates an object mapping between current org and source org.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
requestBody:
description: The object mapping request body.
required: true
content:
application/json:
schema:
type: object
title: Object Mapping Request
required:
- objectType
- jsonPath
- sourceValue
- targetValue
properties:
objectType:
type: string
description: 'Type of the object the mapping value applies to, must be one from enum'
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
example:
objectType: GOVERNANCE_GROUP
jsonPath: $.description
sourceValue: Sample Governance Group
targetValue: Sample Governance Group - Updated
enabled: true
responses:
'200':
description: The created object mapping between current org and source org.
content:
application/json:
schema:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: 2024-03-19T23:18:53.732Z
modified:
type: string
description: Object mapping latest update timestamp
example: 2024-03-19T23:18:53.732Z
example:
objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType: GOVERNANCE_GROUP
jsonPath: $.description
sourceValue: Sample Governance Group
targetValue: Sample Governance Group - Updated
enabled: true
created: '2024-03-19T23:18:53.732Z'
modified: '2024-03-19T23:18:53.732Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}/{objectMappingId}':
delete:
operationId: deleteObjectMapping
security:
- UserContextAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Deletes an object mapping
description: |-
This deletes an existing object mapping.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
- in: path
name: objectMappingId
schema:
type: string
required: true
description: The id of the object mapping to be deleted.
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}/bulk-create':
post:
operationId: createObjectMappings
security:
- UserContextAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Bulk creates object mappings
description: |-
This creates a set of object mappings (Max 25) between current org and source org.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
requestBody:
description: The bulk create object mapping request body.
required: true
content:
application/json:
schema:
type: object
title: Bulk Create Object Mapping Request
required:
- newObjectMappings
properties:
newObjectMappings:
type: array
items:
type: object
title: Object Mapping Request
required:
- objectType
- jsonPath
- sourceValue
- targetValue
properties:
objectType:
type: string
description: 'Type of the object the mapping value applies to, must be one from enum'
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
example:
newObjectsMappings:
- objectType: SOURCE
jsonPath: $.name
sourceValue: Original SOURCE Name
targetValue: New SOURCE Name
enabled: true
- objectType: IDENTITY
jsonPath: $.name
sourceValue: Original IDENTITY Name
targetValue: 'New IDENTITY Name '
enabled: true
responses:
'200':
description: The created object mapping between current org and source org.
content:
application/json:
schema:
type: object
title: Bulk Create Object Mapping Response
properties:
addedObjects:
type: array
items:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: 2024-03-19T23:18:53.732Z
modified:
type: string
description: Object mapping latest update timestamp
example: 2024-03-19T23:18:53.732Z
example:
addedObjects:
- objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d
objectType: SOURCE
jsonPath: $.name
sourceValue: Original SOURCE Name
targetValue: New SOURCE Name
enabled: true
created: '2024-03-25T15:50:41.314Z'
modified: '2024-03-25T15:50:41.299Z'
- objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971
objectType: IDENTITY
jsonPath: $.name
sourceValue: Original IDENTITY Name
targetValue: 'New IDENTITY Name '
enabled: true
created: '2024-03-25T15:50:41.316Z'
modified: '2024-03-25T15:50:41.316Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}/bulk-patch':
post:
operationId: updateObjectMappings
security:
- UserContextAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Bulk updates object mappings
description: |-
This updates a set of object mappings, only enabled and targetValue fields can be updated.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
requestBody:
description: The object mapping request body.
required: true
content:
application/json:
schema:
type: object
title: Bulk Update Object Mapping Request
required:
- patches
properties:
patches:
description: Map of id of the object mapping to a JsonPatchOperation describing what to patch on that object mapping.
type: object
additionalProperties:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
603b1a61-d03d-4ed1-864f-a508fbd1995d:
- op: replace
path: /enabled
value: true
00bece34-f50d-4227-8878-76f620b5a971:
- op: replace
path: /targetValue
value: New Target Value
example:
patches:
603b1a61-d03d-4ed1-864f-a508fbd1995d:
- op: replace
path: /enabled
value: true
00bece34-f50d-4227-8878-76f620b5a971:
- op: replace
path: /targetValue
value: New Target Value
responses:
'200':
description: The updated object mappings.
content:
application/json:
schema:
type: object
title: Bulk Update Object Mapping Response
properties:
patchedObjects:
type: array
items:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: 2024-03-19T23:18:53.732Z
modified:
type: string
description: Object mapping latest update timestamp
example: 2024-03-19T23:18:53.732Z
example:
patchedObjects:
- objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d
objectType: SOURCE
jsonPath: $.name
sourceValue: Original SOURCE Name
targetValue: New SOURCE Name
enabled: true
created: '2024-03-25T15:50:41.314Z'
modified: '2024-03-25T15:50:41.299Z'
- objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971
objectType: IDENTITY
jsonPath: $.name
sourceValue: Original IDENTITY Name
targetValue: 'New IDENTITY Name '
enabled: true
created: '2024-03-25T15:50:41.316Z'
modified: '2024-03-25T15:50:41.316Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/configuration-hub/backups/uploads:
post:
operationId: importUploadedBackup
security:
- UserContextAuth:
- 'sp:config-backups:manage'
tags:
- Configuration Hub
summary: Uploads a backup file
description: |-
This post will upload a JSON backup file into a tenant. Configuration files can be managed and deployed via Configuration Hub by uploading a json file which contains configuration data. The JSON file should be the same as the one used by our import endpoints. The object types that currently support by upload file functionality are the same as the ones supported by our regular backup functionality. here: [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects).
The request will need the following security scope:
- sp:config:manage
requestBody:
description: |
The body will consist of "data" which should contain the json file and name wish should be the name you want to assign to the uploaded file"
__Example__
data: "uploaded.json",
name: "A_NEW_UPLOADED_BACKUP"
__Sample Upload File__
{
"version": 1,
"tenant": "a-sample-tenant",
"objects":
[
{
"version": 1,
"self":
{
"id": "0a59c7196d2917f8aa6d29686e6600fb",
"type": "SOURCE",
"name": "Extended Form"
},
"object":
{
"id": "0a59c7196d2917f8aa6d29686e6600fb",
"name": "Extended Form",
"type": "DelimitedFile",
"connectorClass": "sailpoint.connector.DelimitedFileConnector",
"connectorScriptName": "delimited-file-angularsc",
"description": "Migrated app - Extended Form (original ID: 0a59c7196d2917f8aa6d29686e6600fb)",
"deleteThreshold": 10,
"provisionAsCsv": false,
"owner":
{
"type": "IDENTITY",
"id": "0a59c7196d2917f8816d29685fed00c3",
"name": "slpt.services"
},
"connectorAttributes":
{
"beforemoveAccount": "Do Nothing",
"beforemoverAccount": "Do Nothing",
"busApp": "false",
"file": "Empty",
"filetransport": "local",
"filterEmptyRecords": "true",
"group.filetransport": "local",
"group.filterEmptyRecords": "true",
"group.partitionMode": "auto",
"hasHeader": "true",
"indexColumn": "ID",
"isCaseInsensitiveMerge": "false",
"isSortedByIndexColumn": "false",
"loaProcess": "Do Nothing",
"ltdProcess": "Do Nothing",
"mergeRows": "false",
"moverProcess": "Do Nothing",
"moverRevocation": "Do Nothing",
"nativeChangeDetectionAttributeScope": "entitlements",
"nativeChangeDetectionEnabled": "false",
"nativeChangeProcess": "Do Nothing",
"parseType": "delimited",
"partitionMode": "auto",
"policyType": "Do Nothing",
"rehireProcess": "Do Nothing",
"reverseleaverProcess": "Do Nothing",
"rtwloaProcess": "Do Nothing",
"rtwltdProcess": "Do Nothing",
"stopIfLineHasWrongColumnLength": "false",
"templateApplication": "DelimitedFile Template",
"terminationProcess": "Do Nothing"
},
"schemas":
[],
"provisioningPolicies":
[],
"features":
[
"DIRECT_PERMISSIONS",
"NO_RANDOM_ACCESS",
"DISCOVER_SCHEMA"
]
}
}
]
}
required: true
content:
multipart/form-data:
schema:
type: object
properties:
data:
type: string
format: binary
description: JSON file containing the objects to be imported.
name:
type: string
description: Name that will be assigned to the uploaded file.
required:
- data
- name
responses:
'202':
description: Upload job accepted and queued for processing.
content:
application/json:
schema:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either Backup or Draft.'
enum:
- BACKUP
- DRAFT
example: BACKUP
tenant:
type: string
description: The name of the tenant performing the upload
example: uploaderTenant
requesterName:
type: string
description: The name of the requester.
example: support
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: The name assigned to the upload file in the request body.
example: A_NEW_UPLOADED_BACKUP
userCanDelete:
type: boolean
default: true
description: 'Is the job a regular backup job, if so is the user allowed to delete the backup file. Since this is an upload job it remains as false.'
example: false
isPartial:
type: boolean
default: false
description: 'Is the job a regular backup job, if so is it partial. Since this is an upload job it remains as false.'
example: false
backupType:
type: string
description: What kind of backup is this being treated as.
enum:
- UPLOADED
- AUTOMATED
- MANUAL
example: UPLOADED
hydrationStatus:
type: string
description: have the objects contained in the upload file been hydrated.
enum:
- HYDRATED
- NOT_HYDRATED
example: NOT_HYDRATED
required:
- jobId
- status
- type
- created
- modified
'400':
description: |
Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getUploadedBackups
security:
- UserContextAuth:
- 'sp:config-backups:read'
tags:
- Configuration Hub
summary: Gets list of Uploaded backups
description: |-
Returns a list of the current uploaded backups associated with the current tenant.
A filter "status" can be added to only return the Completed, Failed, or Successful uploads
parameters:
- in: query
name: status
schema:
type: string
required: false
description: Filter listed uploaded backups by status of operation
example: COMPLETE
responses:
'200':
description: List of existing uploaded backups.
content:
application/json:
schema:
type: array
items:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either Backup or Draft.'
enum:
- BACKUP
- DRAFT
example: BACKUP
tenant:
type: string
description: The name of the tenant performing the upload
example: uploaderTenant
requesterName:
type: string
description: The name of the requester.
example: support
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: The name assigned to the upload file in the request body.
example: A_NEW_UPLOADED_BACKUP
userCanDelete:
type: boolean
default: true
description: 'Is the job a regular backup job, if so is the user allowed to delete the backup file. Since this is an upload job it remains as false.'
example: false
isPartial:
type: boolean
default: false
description: 'Is the job a regular backup job, if so is it partial. Since this is an upload job it remains as false.'
example: false
backupType:
type: string
description: What kind of backup is this being treated as.
enum:
- UPLOADED
- AUTOMATED
- MANUAL
example: UPLOADED
hydrationStatus:
type: string
description: have the objects contained in the upload file been hydrated.
enum:
- HYDRATED
- NOT_HYDRATED
example: NOT_HYDRATED
required:
- jobId
- status
- type
- created
- modified
example:
- jobId: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
status: FAILED
type: BACKUP
tenant: someTenant
message: 'com.sailpoint.sp.config.exception.IncorrectBackupUploadFormatException: Uploaded backup file could not be parsed to correct format.'
requesterName: support
fileExists: false
created: '2024-04-04T17:29:16.904Z'
modified: '2024-04-04T17:29:17.076Z'
name: dfs
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: NOT_HYDRATED
totalObjectCount: 0
- jobId: 281d421c-0643-4004-9fe5-29a95d2f73df
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-03-07T21:11:00.375Z'
modified: '2024-03-07T21:11:25.046Z'
completed: '2024-03-07T21:11:00.66Z'
name: test1
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 64
- jobId: 4831ad5c-f6cf-42a6-a191-8c4abec30006
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-02-26T18:19:26.312Z'
modified: '2024-02-26T18:19:40.773Z'
completed: '2024-02-26T18:19:26.545Z'
name: testing Daniel
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 64
- jobId: 2ea830f3-2b14-4772-8a20-3d006742e419
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-02-20T22:08:31.064Z'
modified: '2024-02-20T22:13:15.662Z'
completed: '2024-02-20T22:08:31.689Z'
name: something new
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 2
- jobId: 473b5cef-90e4-4cb3-ad43-7671c17d3a46
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-02-19T21:30:07.947Z'
modified: '2024-02-19T21:31:01.65Z'
completed: '2024-02-19T21:30:08.195Z'
name: test upload
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 2
- jobId: 09491993-9cb6-49a7-8d37-8bef54d33502
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-02-19T19:54:15.373Z'
modified: '2024-02-19T20:39:00.341Z'
completed: '2024-02-19T19:54:15.605Z'
name: Testing Daniel
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/backups/uploads/{id}':
delete:
operationId: deleteUploadedBackup
security:
- UserContextAuth:
- 'sp:config-backups:manage'
- 'sp:config-backups:read'
tags:
- Configuration Hub
summary: Deletes an uploaded backup file
description: |-
This deletes an Uploaded backup based on job ID.
On success, this endpoint will return an empty response.
The job id can be obtained from the response after a successful upload, or the list uploads endpoint.
The following scopes are required to access this endpoint: sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the uploaded backup.
example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getUploadedBackup
security:
- UserContextAuth:
- 'sp:config-backups:read'
tags:
- Configuration Hub
summary: Get an uploaded backup's information
description: |-
Returns all the information and status of an upload job.
- sp:config-backups:read
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the uploaded backup.
example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
responses:
'200':
description: List of existing uploaded backups.
content:
application/json:
schema:
type: object
items:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either Backup or Draft.'
enum:
- BACKUP
- DRAFT
example: BACKUP
tenant:
type: string
description: The name of the tenant performing the upload
example: uploaderTenant
requesterName:
type: string
description: The name of the requester.
example: support
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: The name assigned to the upload file in the request body.
example: A_NEW_UPLOADED_BACKUP
userCanDelete:
type: boolean
default: true
description: 'Is the job a regular backup job, if so is the user allowed to delete the backup file. Since this is an upload job it remains as false.'
example: false
isPartial:
type: boolean
default: false
description: 'Is the job a regular backup job, if so is it partial. Since this is an upload job it remains as false.'
example: false
backupType:
type: string
description: What kind of backup is this being treated as.
enum:
- UPLOADED
- AUTOMATED
- MANUAL
example: UPLOADED
hydrationStatus:
type: string
description: have the objects contained in the upload file been hydrated.
enum:
- HYDRATED
- NOT_HYDRATED
example: NOT_HYDRATED
required:
- jobId
- status
- type
- created
- modified
example:
jobId: 2ea830f3-2b14-4772-8a20-3d006742e419
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-02-20T22:08:31.064Z'
modified: '2024-02-20T22:13:15.662Z'
completed: '2024-02-20T22:08:31.689Z'
name: something new
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/connectors/{scriptName}':
get:
tags:
- Connectors
operationId: getConnector
description: |-
Fetches a connector that using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
- in: query
name: locale
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
responses:
'200':
description: A Connector Dto object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
className:
type: string
description: The connector class name
example: class name
scriptName:
type: string
description: The connector script name
example: servicenow
applicationXml:
type: string
description: The connector application xml
example: |
correlationConfigXml:
type: string
description: The connector correlation config xml
example: "\n\n\n\n\n\n\t\n\t\t\n\t\t\n\t\t\n\t\n\n"
sourceConfigXml:
type: string
description: The connector source config xml
example: |-
sourceConfig:
type: string
description: The connector source config
example: |-
sourceConfigFrom:
type: string
description: The connector source config origin
example: sp-connect
s3Location:
type: string
description: storage path key for this connector
example: custom-connector/scriptname
uploadedFiles:
type: array
description: The list of uploaded files supported by the connector. If there was any executable files uploaded to thee connector. Typically this be empty as the executable be uploaded at source creation.
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
fileUpload:
type: boolean
description: true if the source is file upload
example: true
default: false
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
translationProperties:
type: object
description: A map containing translation attributes by loacale key
additionalProperties: true
example:
de: |-
# Copyright (C) 2024 SailPoint Technologies, Inc. All rights reserved.
# DO NOT EDIT. This file is generated by "sailpointTranslate" command.
menuLabel_ConnectionSettings=Verbindungseinstellungen
menuLabel_AggregationSettings=Aggregationseinstellungen
sectionLabel_AuthenticationSettings=Verbindungseinstellungen
sectionLabel_AggregationSettings=Aggregationseinstellungen
sectionInfo_AuthenticationSettings=Konfigurieren Sie eine direkte Verbindung zwischen der Quelle Delinea Secret Server On-Premise und IdentityNow.
Geben Sie bei Zeit\u00fcberschreitung bei Verbindung die maximal erlaubte Zeitdauer (in Minuten) f\u00fcr die Verbindung von IdentityNow mit der Quelle ein.
Geben Sie die Host-URL der Delinea-SCIM-Serverquelle ein.
Geben Sie den API-Token der Quelle zur Authentifizierung ein.
sectionInfo_AggregationSettings=Geben Sie die Einstellungen f\u00fcr Ihre Aggregation an.
Geben Sie in das Feld Seitengr\u00f6\u00dfe die Anzahl an Kontoeintr\u00e4gen ein, die auf einer einzelnen Seite aggregiert werden sollen, wenn gro\u00dfe Datens\u00e4tze durchlaufen werden. \n Geben Sie im Kontofilter die Bedingungen f\u00fcr den Kontofilter an. Beispiel: userName sw "S"
Geben Sie im Gruppenfilter die Gruppenfilterbedingungen an. Beispiel: displayName sw "S".
placeHolder_accAggregation=userName sw "S"
placeHolder_grpAggregation=displayName sw "S"
placeHolder_host=https://{Delinea_SCIM_Server_host}/v2
docLinkLabel_AuthenticationSettings=Mehr \u00fcber Verbindungseinstellungen
docLinkLabel_Filters=Mehr \u00fcber Konto- und Gruppenfilter
HostURL=Host-URL
ConnectionTimeout=Zeit\u00fcberschreitung bei Verbindung
API_TOKEN=API-Token
JSONPathMapping=JSON-Path-Attribut-Mapping
FilterConditionForAccounts=Kontofilter
FilterConditionForGroups=Gruppenfilter
Page_Size=Seitengr\u00f6\u00dfe
SchemaAttribute=Schema-Attribut
JSONpath=JSON-Pfad
ShortDesc=Das Integrationsmodul IdentityNow f\u00fcr Delinea Secret Server On-Premise bietet die M\u00f6glichkeit einer tiefen Governance f\u00fcr Konten und Gruppen. Es unterst\u00fctzt au\u00dferdem das End-to-End-Lebenszyklus-Management.
connectorMetadata:
type: object
description: A map containing metadata pertinent to the UI to be used
additionalProperties: true
example:
supportedUI: EXTJS
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:read'
delete:
tags:
- Connectors
operationId: deleteCustomConnector
description: |-
Delete a custom connector that using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'204':
description: The custom connector was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:delete'
patch:
tags:
- Connectors
operationId: updateConnector
description: |-
Patch a custom connector that using its script name.
A token with ORG_ADMIN authority is required to call this API. The following fields are patchable: * connectorMetadata * applicationXml * correlationConfigXml * sourceConfigXml
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
description: 'A list of connector detail update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
responses:
'200':
description: A updated Connector Dto object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
className:
type: string
description: The connector class name
example: class name
scriptName:
type: string
description: The connector script name
example: servicenow
applicationXml:
type: string
description: The connector application xml
example: |
correlationConfigXml:
type: string
description: The connector correlation config xml
example: "\n\n\n\n\n\n\t\n\t\t\n\t\t\n\t\t\n\t\n\n"
sourceConfigXml:
type: string
description: The connector source config xml
example: |-
sourceConfig:
type: string
description: The connector source config
example: |-
sourceConfigFrom:
type: string
description: The connector source config origin
example: sp-connect
s3Location:
type: string
description: storage path key for this connector
example: custom-connector/scriptname
uploadedFiles:
type: array
description: The list of uploaded files supported by the connector. If there was any executable files uploaded to thee connector. Typically this be empty as the executable be uploaded at source creation.
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
fileUpload:
type: boolean
description: true if the source is file upload
example: true
default: false
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
translationProperties:
type: object
description: A map containing translation attributes by loacale key
additionalProperties: true
example:
de: |-
# Copyright (C) 2024 SailPoint Technologies, Inc. All rights reserved.
# DO NOT EDIT. This file is generated by "sailpointTranslate" command.
menuLabel_ConnectionSettings=Verbindungseinstellungen
menuLabel_AggregationSettings=Aggregationseinstellungen
sectionLabel_AuthenticationSettings=Verbindungseinstellungen
sectionLabel_AggregationSettings=Aggregationseinstellungen
sectionInfo_AuthenticationSettings=Konfigurieren Sie eine direkte Verbindung zwischen der Quelle Delinea Secret Server On-Premise und IdentityNow.
Geben Sie bei Zeit\u00fcberschreitung bei Verbindung die maximal erlaubte Zeitdauer (in Minuten) f\u00fcr die Verbindung von IdentityNow mit der Quelle ein.
Geben Sie die Host-URL der Delinea-SCIM-Serverquelle ein.
Geben Sie den API-Token der Quelle zur Authentifizierung ein.
sectionInfo_AggregationSettings=Geben Sie die Einstellungen f\u00fcr Ihre Aggregation an.
Geben Sie in das Feld Seitengr\u00f6\u00dfe die Anzahl an Kontoeintr\u00e4gen ein, die auf einer einzelnen Seite aggregiert werden sollen, wenn gro\u00dfe Datens\u00e4tze durchlaufen werden. \n Geben Sie im Kontofilter die Bedingungen f\u00fcr den Kontofilter an. Beispiel: userName sw "S"
Geben Sie im Gruppenfilter die Gruppenfilterbedingungen an. Beispiel: displayName sw "S".
placeHolder_accAggregation=userName sw "S"
placeHolder_grpAggregation=displayName sw "S"
placeHolder_host=https://{Delinea_SCIM_Server_host}/v2
docLinkLabel_AuthenticationSettings=Mehr \u00fcber Verbindungseinstellungen
docLinkLabel_Filters=Mehr \u00fcber Konto- und Gruppenfilter
HostURL=Host-URL
ConnectionTimeout=Zeit\u00fcberschreitung bei Verbindung
API_TOKEN=API-Token
JSONPathMapping=JSON-Path-Attribut-Mapping
FilterConditionForAccounts=Kontofilter
FilterConditionForGroups=Gruppenfilter
Page_Size=Seitengr\u00f6\u00dfe
SchemaAttribute=Schema-Attribut
JSONpath=JSON-Pfad
ShortDesc=Das Integrationsmodul IdentityNow f\u00fcr Delinea Secret Server On-Premise bietet die M\u00f6glichkeit einer tiefen Governance f\u00fcr Konten und Gruppen. Es unterst\u00fctzt au\u00dferdem das End-to-End-Lebenszyklus-Management.
connectorMetadata:
type: object
description: A map containing metadata pertinent to the UI to be used
additionalProperties: true
example:
supportedUI: EXTJS
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:update'
'/connectors/{scriptName}/source-config':
get:
tags:
- Connectors
operationId: getConnectorSourceConfig
description: |-
Fetches a connector's source config using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: The connector's source template
content:
application/xml:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:read'
put:
tags:
- Connectors
operationId: putSourceConfig
description: |-
Update a connector's source config using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: connector source config xml file
format: binary
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:update'
'/connectors/{scriptName}/translations/{locale}':
get:
tags:
- Connectors
operationId: getConnectorTranslations
description: |-
Fetches a connector's translations using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
- name: locale
in: path
required: true
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
responses:
'200':
description: The connector's translations
content:
text/plain:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:read'
put:
tags:
- Connectors
operationId: putTranslations
description: |-
Update a connector's translations using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
- name: locale
in: path
required: true
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:update'
'/connectors/{scriptName}/source-template':
get:
tags:
- Connectors
operationId: getConnectorSourceTemplate
description: |-
Fetches a connector's source template using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: The connector's source template
content:
application/xml:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:read'
put:
tags:
- Connectors
operationId: putSourceTemplate
description: |-
Update a connector's source template using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: connector source template xml file
format: binary
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:update'
'/connectors/{scriptName}/correlation-config':
get:
tags:
- Connectors
operationId: getConnectorCorrelationConfig
description: |-
Fetches a connector's correlation config using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: The connector's correlation config
content:
application/xml:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:read'
put:
tags:
- Connectors
operationId: putCorrelationConfig
description: |-
Update a connector's correlation config using its script name.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: connector correlation config xml file
format: binary
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:update'
/connectors:
post:
tags:
- Connectors
operationId: createCustomConnector
summary: Create custom connector
description: |-
Create custom connector.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
title: custom connector create request
type: object
required:
- name
- className
properties:
name:
type: string
description: The connector name. Need to be unique per tenant. The name will able be used to derive a url friendly unique scriptname that will be in response. Script name can then be used for all update endpoints
example: custom connector
type:
type: string
description: The connector type. If not specified will be defaulted to 'custom '+name
example: custom connector type
className:
type: string
description: 'The connector class name. If you are implementing openconnector standard (what is recommended), then this need to be set to sailpoint.connector.OpenConnectorAdapter'
example: sailpoint.connector.OpenConnectorAdapter
directConnect:
type: boolean
description: true if the source is a direct connect source
default: true
example: true
status:
type: string
enum:
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
responses:
'200':
description: A Connector Dto object
content:
application/json:
schema:
title: custom connector response object
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
scriptName:
type: string
description: The connector script name
example: servicenow
className:
type: string
description: The connector class name.
example: sailpoint.connector.OpenConnectorAdapter
features:
type: array
description: The list of features supported by the connector
nullable: true
items:
type: string
example:
- PROVISIONING
- SYNC_PROVISIONING
- SEARCH
- UNSTRUCTURED_TARGETS
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
connectorMetadata:
type: object
additionalProperties: true
description: A map containing metadata pertinent to the connector
example:
supportedUI: ANGULAR
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:connector-config:create'
'/identities/{identity-id}/set-lifecycle-state':
post:
operationId: setLifecycleState
tags:
- Lifecycle States
summary: Set Lifecycle State
description: |-
This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding identity profile.
A token with ORG_ADMIN or API authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-lifecycle-state:update'
parameters:
- in: path
name: identity-id
description: The ID of the identity to update.
required: true
example: 2c9180857893f1290178944561990364
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
lifecycleStateId:
type: string
description: The ID of the lifecycle state to set.
example: 2c9180877a86e408017a8c19fefe046c
responses:
'200':
description: The request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
accountActivityId:
type: string
example: 2c9180837ab5b716017ab7c6c9ef1e20
description: 'The ID of the IdentityRequest object that is generated when the workflow launches. To follow the IdentityRequest, you can provide this ID with a [Get Account Activity request](https://developer.sailpoint.com/docs/api/v3/get-account-activity/). The response will contain relevant information about the IdentityRequest, such as its status.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identity-profiles/{identity-profile-id}/lifecycle-states':
get:
operationId: listLifecycleStates
tags:
- Lifecycle States
summary: Lists LifecycleStates
description: |-
This end-point lists all the LifecycleStates associated with IdentityProfiles.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-lifecycle-state:read'
parameters:
- in: path
name: identity-profile-id
description: The IdentityProfile id
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'created,modified'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
responses:
'200':
description: List of LifecycleState objects
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
example: true
description: Whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The technical name for lifecycle state. This is for internal use.
description:
type: string
example: Lifecycle description
description: Lifecycle state description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createLifecycleState
tags:
- Lifecycle States
summary: Create Lifecycle State
description: |-
This API creates a new Lifecycle State.
A token with ORG_ADMIN or API authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-lifecycle-state:manage'
parameters:
- in: path
name: identity-profile-id
description: Identity Profile ID
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
description: Lifecycle State
required: true
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
example: true
description: Whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The technical name for lifecycle state. This is for internal use.
description:
type: string
example: Lifecycle description
description: Lifecycle state description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
responses:
'201':
description: Created LifecycleState object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
example: true
description: Whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The technical name for lifecycle state. This is for internal use.
description:
type: string
example: Lifecycle description
description: Lifecycle state description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}':
get:
operationId: getLifecycleState
tags:
- Lifecycle States
summary: Retrieves Lifecycle State
description: |-
This endpoint retrieves a Lifecycle State.
A token with ORG_ADMIN or API authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-lifecycle-state:read'
parameters:
- in: path
name: identity-profile-id
description: Identity Profile ID
required: true
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle State ID
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: The requested LifecycleState was successfully retrieved.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
example: true
description: Whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The technical name for lifecycle state. This is for internal use.
description:
type: string
example: Lifecycle description
description: Lifecycle state description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateLifecycleStates
tags:
- Lifecycle States
summary: Update Lifecycle State
description: |-
This endpoint updates individual Lifecycle State fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
A token with ORG_ADMIN or API authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-lifecycle-state:manage'
parameters:
- in: path
name: identity-profile-id
description: Identity Profile ID
required: true
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle State ID
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields can be updated:
* enabled
* description
* accountActions
* accessProfileIds
* emailNotificationOption
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: Updated description!
- op: replace
path: /accessProfileIds
value:
- 2c918087742bab150174407a80f3125e
- 2c918087742bab150174407a80f3124f
- op: replace
path: /accountActions
value:
- action: ENABLE
sourceIds:
- 2c9180846a2f82fb016a481c1b1560c5
- 2c9180846a2f82fb016a481c1b1560cc
- action: DISABLE
sourceIds:
- 2c91808869a0c9980169a207258513fb
- op: replace
path: /emailNotificationOption
value:
notifyManagers: true
notifyAllAdmins: false
notifySpecificUsers: false
emailAddressList: []
responses:
'200':
description: The LifecycleState was successfully updated.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
example: true
description: Whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The technical name for lifecycle state. This is for internal use.
description:
type: string
example: Lifecycle description
description: Lifecycle state description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteLifecycleState
tags:
- Lifecycle States
summary: Delete Lifecycle State by ID
description: |-
This endpoint deletes the Lifecycle State using its ID.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:identity-profile-lifecycle-state:manage'
parameters:
- in: path
name: identity-profile-id
description: Identity Profile ID
required: true
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle State ID
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: The request was successfully accepted into the system.
content:
application/json:
schema:
type: object
description: Deleted lifecycle state.
properties:
type:
type: string
description: Deleted lifecycle state's DTO type.
enum:
- LIFECYCLE_STATE
example: LIFECYCLE_STATE
id:
type: string
description: Deleted lifecycle state ID.
example: 12345
name:
type: string
description: Deleted lifecycle state's display name.
example: Contractor Lifecycle
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-profiles:
get:
operationId: listIdentityProfiles
tags:
- Identity Profiles
summary: Identity Profiles List
description: |-
This returns a list of Identity Profiles based on the specified query parameters.
A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ne, ge, gt, in, le, lt, isnull, sw*
**name**: *eq, ne, in, le, lt, isnull, sw*
**priority**: *eq, ne*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, priority, created, modified, owner.id, owner.name**
responses:
'200':
description: List of identityProfiles.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: The description of the Identity Profile.
example: My custom flat file profile
nullable: true
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: The name of the report.
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:read'
/identity-profiles/bulk-delete:
post:
operationId: deleteIdentityProfiles
tags:
- Identity Profiles
summary: Delete Identity Profiles
description: |-
This deletes multiple Identity Profiles via a list of supplied IDs.
On success, this endpoint will return a reference to the bulk delete task result.
A token with ORG_ADMIN authority is required to call this API.
The following rights are required to access this endpoint: idn:identity-profile:delete
requestBody:
description: Identity Profile bulk delete request body.
required: true
content:
application/json:
schema:
description: List of Identity Profile IDs to delete.
type: array
items:
type: string
example:
- 2c9180867b2a34e0017b3078d60b0699
- 2c9180867b2a34e0017b3078d60b0698
responses:
'202':
description: Accepted - Returns a TaskResult object referencing the bulk delete job created.
content:
application/json:
schema:
description: An object with a TaskResult reference of the bulk delete job
type: object
properties:
id:
type: string
description: Task identifier
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: Task name
example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d
description:
type: string
description: Task description
example: 'Generic task for terminating data in the overlay, used by the TerminationService.'
launcher:
type: string
description: User or process who launched the task
example: support
completed:
type: string
format: date-time
description: Date time of completion
example: 'Mon Aug 21 14:57:39 CDT 2023'
launched:
type: string
format: date-time
description: Date time when the task was launched
example: 'Mon Aug 21 14:55:39 CDT 2023'
completionStatus:
type: string
enum:
- Success
- Warning
- Error
- Terminated
- TempError
description: Task result status
example: Success
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:delete'
/identity-profiles/export:
get:
operationId: exportIdentityProfiles
tags:
- Identity Profiles
summary: Export Identity Profiles
description: This exports existing identity profiles in the format specified by the sp-config service.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ne*
**name**: *eq, ne*
**priority**: *eq, ne*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, priority**
responses:
'200':
description: List of export objects with identity profiles.
content:
application/json:
schema:
type: array
items:
type: object
description: Identity profile exported object.
properties:
version:
type: integer
example: 1
description: Version or object from the target service.
format: int32
self:
type: object
description: Self block for exported object.
properties:
type:
type: string
description: Exported object's DTO type.
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Exported object's display name.
example: HR Active Directory
object:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: The description of the Identity Profile.
example: My custom flat file profile
nullable: true
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: The name of the report.
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:read'
/identity-profiles/import:
post:
operationId: importIdentityProfiles
summary: Import Identity Profiles
description: This imports previously exported identity profiles.
tags:
- Identity Profiles
requestBody:
description: Previously exported Identity Profiles.
required: true
content:
application/json:
schema:
type: array
items:
type: object
description: Identity profile exported object.
properties:
version:
type: integer
example: 1
description: Version or object from the target service.
format: int32
self:
type: object
description: Self block for exported object.
properties:
type:
type: string
description: Exported object's DTO type.
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Exported object's display name.
example: HR Active Directory
object:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: The description of the Identity Profile.
example: My custom flat file profile
nullable: true
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: The name of the report.
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: false
example: true
responses:
'200':
description: The result of importing Identity Profiles.
content:
application/json:
schema:
type: object
title: Import Object Response Body
description: Response model for import of a single object.
properties:
infos:
description: Informational messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties: true
example:
details: message details
required:
- key
- text
- details
warnings:
description: Warning messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties: true
example:
details: message details
required:
- key
- text
- details
errors:
description: Error messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties: true
example:
details: message details
required:
- key
- text
- details
importedObjects:
description: References to objects that were created or updated by the import.
type: array
items:
type: object
description: Object created or updated by import.
properties:
type:
type: string
description: DTO type of object created or updated by import.
enum:
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: SOURCE
id:
type: string
description: ID of object created or updated by import.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of object created or updated by import.
example: HR Active Directory
required:
- infos
- warnings
- errors
- importedObjects
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:manage'
'/identity-profiles/{identity-profile-id}':
get:
operationId: getIdentityProfile
tags:
- Identity Profiles
summary: Get single Identity Profile
description: |-
This returns a single Identity Profile based on ID.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
responses:
'200':
description: An Identity Profile object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: The description of the Identity Profile.
example: My custom flat file profile
nullable: true
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: The name of the report.
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:read'
delete:
operationId: deleteIdentityProfile
tags:
- Identity Profiles
summary: Delete an Identity Profile
description: |-
This deletes an Identity Profile based on ID.
On success, this endpoint will return a reference to the bulk delete task result.
A token with ORG_ADMIN authority is required to call this API.
The following rights are required to access this endpoint: idn:identity-profile:delete
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returns a TaskResult object referencing the bulk delete job created.
content:
application/json:
schema:
description: An object with a TaskResult reference of the delete job.
type: object
properties:
id:
type: string
description: Task identifier
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: Task name
example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d
description:
type: string
description: Task description
example: 'Generic task for terminating data in the overlay, used by the TerminationService.'
launcher:
type: string
description: User or process who launched the task
example: support
completed:
type: string
format: date-time
description: Date time of completion
example: 'Mon Aug 21 14:57:39 CDT 2023'
launched:
type: string
format: date-time
description: Date time when the task was launched
example: 'Mon Aug 21 14:55:39 CDT 2023'
completionStatus:
type: string
enum:
- Success
- Warning
- Error
- Terminated
- TempError
description: Task result status
example: Success
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:delete'
'/identity-profiles/{identity-profile-id}/default-identity-attribute-config':
get:
operationId: getDefaultIdentityAttributeConfig
tags:
- Identity Profiles
summary: Get default Identity Attribute Config
description: |-
This returns the default identity attribute config.
A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
responses:
'200':
description: An Identity Attribute Config object.
content:
application/json:
schema:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:manage'
'/identity-profiles/{identity-profile-id}/process-identities':
post:
operationId: syncIdentityProfile
tags:
- Identity Profiles
summary: Process identities under profile
description: |-
Process identities under the profile
This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.
This should only be run on identity profiles that have the `identityRefreshRequired` attribute set to `true`. If `identityRefreshRequired` is false, then there is no benefit to running this operation. Typically, this operation is performed when a change is made to the identity profile or its related lifecycle states that requires a refresh.
This operation will perform the following activities on all identities under the identity profile.
1. Updates identity attribute according to the identity profile mappings. 2. Determines the identity's correct manager through manager correlation. 3. Updates the identity's access according to their assigned lifecycle state. 4. Updates the identity's access based on role assignment criteria.
A token with ORG_ADMIN authority is required to call this API.
externalDocs:
description: Learn more about manually processing identities here
url: 'https://documentation.sailpoint.com/saas/help/setup/identity_processing.html'
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
description: The Identity Profile ID to be processed
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted status after refresh has launched
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:identity-profile:refresh'
/managed-clients:
get:
tags:
- Managed Clients
summary: Get Managed Clients
description: Get a list of Managed Clients.
operationId: getManagedClients
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
**name**: *eq*
**clientId**: *eq*
**clusterId**: *eq*
example: name eq "client name"
responses:
'200':
description: Responds with a list of ManagedClient based on the query params provided
content:
application/json:
schema:
type: array
items:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
post:
tags:
- Managed Clients
summary: Create a new Managed Client
description: |-
Create a new Managed Client.
The API returns a result that includes the Managed Client ID.
operationId: createManagedClient
requestBody:
required: true
content:
application/json:
schema:
description: Managed Client Request
type: object
required:
- clusterId
properties:
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: aClusterId
description:
description: description for the ManagedClient to create
type: string
nullable: true
example: A short description of the ManagedClient
name:
description: name for the ManagedClient to create
type: string
nullable: true
example: aName
type:
description: 'Type of the ManagedClient (VA, CCG) to create'
type: string
nullable: true
example: VA
responses:
'200':
description: The created ManagedClient
content:
application/json:
schema:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:manage'
'/managed-clients/{id}':
get:
tags:
- Managed Clients
summary: Get a Managed Client
description: Get a Managed Client.
operationId: getManagedClient
parameters:
- name: id
in: path
description: The Managed Client ID
required: true
schema:
type: string
example: aClientId
responses:
'200':
description: Responds with a Managed Client
content:
application/json:
schema:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
- 'idn:managed-client-status:read'
- 'idn:managed-client-status:manage'
patch:
tags:
- Managed Clients
summary: Update a Managed Client
description: Update an existing Managed Client.
operationId: updateManagedClient
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Managed Client ID
example: aClientId
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
responses:
'200':
description: The updated Managed Client
content:
application/json:
schema:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:manage'
delete:
operationId: deleteManagedClient
tags:
- Managed Clients
summary: Delete a Managed Client
description: Delete an existing Managed Client.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Managed Client ID
example: aClientId
responses:
'204':
description: The Managed Client was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:manage'
'/managed-clients/{id}/status':
get:
tags:
- Managed Clients
summary: Get Managed Client Status.
description: Retrieve the Status of a Managed Client by ID.
operationId: getManagedClientStatus
parameters:
- name: id
in: path
description: ID of the Managed Client to get Status of
required: true
schema:
type: string
example: aClientId
- name: type
in: query
description: Type of the Managed Client to get Status of
required: true
schema:
example: VA
description: Managed Client type
type: string
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
responses:
'200':
description: Responds with the Status of the Managed Client with the given ID and Type.
content:
application/json:
schema:
description: Managed Client Status
type: object
required:
- body
- status
- type
- timestamp
properties:
body:
description: ManagedClientStatus body information
type: object
example:
alertKey: ''
id: '5678'
clusterId: '1234'
ccg_etag: ccg_etag123xyz456
ccg_pin: NONE
cookbook_etag: 20210420125956-20210511144538
hostname: megapod-useast1-secret-hostname.sailpoint.com
internal_ip: 127.0.0.1
lastSeen: '1620843964604'
sinceSeen: '14708'
sinceSeenMillis: '14708'
localDev: false
stacktrace: ''
state: null
status: NORMAL
uuid: null
product: idn
va_version: null
platform_version: '2'
os_version: 2345.3.1
os_type: flatcar
hypervisor: unknown
status:
description: status of the Managed Client
example: NORMAL
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
type:
description: type of the Managed Client
example: CCG
type: string
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
timestamp:
description: timestamp on the Client Status update
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:managed-client-status:read'
/managed-clusters:
get:
tags:
- Managed Clusters
summary: Retrieve all Managed Clusters.
description: 'Retrieve all Managed Clusters for the current Org, based on request context.'
operationId: getManagedClusters
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**operational**: *eq*
example: operational eq "operation"
responses:
'200':
description: Responds with a list of ManagedCluster.
content:
application/json:
schema:
type: array
items:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
post:
tags:
- Managed Clusters
summary: Create a new Managed Cluster
description: |-
Create a new Managed Cluster.
The API returns a result that includes the Managed Cluster ID.
operationId: createManagedCluster
requestBody:
required: true
content:
application/json:
schema:
description: Request to create Managed Cluster
type: object
required:
- name
properties:
name:
description: ManagedCluster name
type: string
nullable: false
example: Managed Cluster Name
type:
description: The Type of Cluster
example: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: externalId
ccgVersion: 77.0.0
description:
description: ManagedCluster description
type: string
nullable: true
example: A short description of the managed cluster.
responses:
'200':
description: The created ManagedClient
content:
application/json:
schema:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:manage'
'/managed-clusters/{id}':
get:
tags:
- Managed Clusters
summary: Get a specified Managed Cluster.
description: Retrieve a ManagedCluster by ID.
operationId: getManagedCluster
parameters:
- name: id
in: path
description: ID of the ManagedCluster to get
required: true
style: simple
explode: false
schema:
type: string
example: aClusterId
responses:
'200':
description: Responds with ManagedCluster having the given ID.
content:
application/json:
schema:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
patch:
tags:
- Managed Clusters
summary: Update a Managed Cluster
description: Update an existing Managed Cluster.
operationId: updateManagedCluster
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Managed Cluster ID
example: aClusterId
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
responses:
'200':
description: The updated Managed Cluster
content:
application/json:
schema:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- durationMinutes
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: aClientId
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults
type: integer
format: int32
example: 120
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request
example: '2020-12-15T19:13:36.079Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: TRACE
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:manage'
delete:
operationId: deleteManagedCluster
tags:
- Managed Clusters
summary: Delete a Managed Cluster
description: Delete an existing Managed Cluster.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Managed Cluster ID
example: aClusterId
- in: query
name: removeClients
schema:
type: boolean
default: false
required: false
description: Flag to determine the need to delete a cluster with clients
example: false
responses:
'204':
description: The Managed Cluster was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:remote-client:manage'
/non-employee-records:
post:
operationId: createNonEmployeeRecord
tags:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Record
description: |-
This request will create a non-employee record.
Requires role context of `idn:nesr:create`
requestBody:
description: Non-Employee record creation request body.
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: Created non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeRecords
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List Non-Employee Records
description: |-
This gets a list of non-employee records. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.
2. The user is an account manager, in which case they can get a list of the non-employees that they manage.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'accountName,sourceId'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**
- in: query
name: filters
required: false
schema:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
responses:
'200':
description: Non-Employee record objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-records/{id}':
get:
operationId: getNonEmployeeRecord
tags:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Record
description: |-
This gets a non-employee record.
Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id
description: Non-Employee record id (UUID)
required: true
example: ef38f94347e94562b5bb8424a56397d8
schema:
type: string
responses:
'200':
description: Non-Employee record object
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updateNonEmployeeRecord
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Update Non-Employee Record
description: |-
This request will update a non-employee record. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
- in: path
name: id
description: Non-employee record id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
required: true
schema:
type: string
requestBody:
description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: An updated non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeRecord
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Patch Non-Employee Record
description: |-
This request will patch a non-employee record. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
- in: path
name: id
description: Non-employee record id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
required: true
schema:
type: string
requestBody:
description: 'A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.'
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /endDate
value: '2019-08-23T18:40:35.772Z'
responses:
'200':
description: A patched non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeRecord
tags:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Record
description: |-
This request will delete a non-employee record.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: id
description: Non-Employee record id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
required: true
schema:
type: string
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-records/bulk-delete:
post:
operationId: deleteNonEmployeeRecordsInBulk
tags:
- Non-Employee Lifecycle Management
summary: Delete Multiple Non-Employee Records
description: 'This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete`'
requestBody:
description: Non-Employee bulk delete request body.
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: List of non-employee ids.
type: array
items:
type: string
format: uuid
example:
- 2b838de9-db9b-abcf-e646-d4f274ad4238
- 2d838de9-db9b-abcf-e646-d4f274ad4238
required:
- ids
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-requests:
post:
operationId: createNonEmployeeRequest
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Request
description: 'This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source.'
requestBody:
description: Non-Employee creation request body
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: Non-Employee request creation object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: firstName is required; accountName is required;
400.1.409 Reference conflict:
description: Response for reference conflict
value:
detailCode: 400.1.409 Reference conflict
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: Unable to create Non-Employee because the accountName "existed" is already being used.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeRequests
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List Non-Employee Requests
description: |-
This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a list non-employee requests assigned to a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: requested-for
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
description: The identity for whom the request was made. *me* indicates the current user.
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'created,approvalStatus'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**
- in: query
name: filters
required: false
schema:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
responses:
'200':
description: List of non-employee request objects.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-requests/{id}':
get:
operationId: getNonEmployeeRequest
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Request
description: |-
This gets a non-employee request.
There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in this case the user
can get the non-employee request for any user.
2. The user must be the owner of the non-employee request.
parameters:
- in: path
name: id
description: Non-Employee request id (UUID)
example: ac110005-7156-1150-8171-5b292e3e0084
required: true
schema:
type: string
responses:
'200':
description: Non-Employee request object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeRequest
tags:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Request
description: |-
This request will delete a non-employee request.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: id
description: Non-Employee request id in the UUID format
required: true
schema:
type: string
format: uuid
example: ac110005-7156-1150-8171-5b292e3e0084
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-requests/summary/{requested-for}':
get:
operationId: getNonEmployeeRequestSummary
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests
description: |-
This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.
parameters:
- in: path
name: requested-for
description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user.
required: true
schema:
type: string
format: uuid (if user is Org Admin)
example: 2c91808280430dfb0180431a59440460
responses:
'200':
description: Non-Employee request summary object.
content:
application/json:
schema:
type: object
properties:
approved:
type: integer
description: The number of approved non-employee requests on all sources that *requested-for* user manages.
example: 2
format: int32
rejected:
type: integer
description: The number of rejected non-employee requests on all sources that *requested-for* user manages.
example: 2
format: int32
pending:
type: integer
description: The number of pending non-employee requests on all sources that *requested-for* user manages.
example: 2
format: int32
nonEmployeeCount:
type: integer
description: The number of non-employee records on all sources that *requested-for* user manages.
example: 2
format: int32
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-sources:
post:
operationId: createNonEmployeeSource
tags:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Source
description: 'This request will create a non-employee source. Requires role context of `idn:nesr:create`'
requestBody:
description: Non-Employee source creation request body.
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of non-employee source.
example: Retail
description:
type: string
description: Description of non-employee source.
example: Source description
owner:
description: Owner of non-employee source.
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
managementWorkgroup:
type: string
description: The ID for the management workgroup that contains source sub-admins
example: '123299'
approvers:
description: List of approvers.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
maxItems: 3
accountManagers:
description: List of account managers.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
maxItems: 10
required:
- owner
- name
- description
responses:
'200':
description: Created non-employee source.
content:
application/json:
schema:
allOf:
- allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
cloudExternalId:
type: string
description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present.
example: '99999'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeSources
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List Non-Employee Sources
description: |-
This gets a list of non-employee sources. There are two contextual uses for the requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a list sources assigned to a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: requested-for
required: true
schema:
type: string
example: me
description: The identity for whom the request was made. *me* indicates the current user.
- in: query
name: non-employee-count
required: false
example: true
schema:
type: boolean
description: The flag to determine whether return a non-employee count associate with source.
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'name,created'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, sourceId**
responses:
'200':
description: List of non-employee sources objects.
content:
application/json:
schema:
type: array
items:
allOf:
- allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeCount:
type: integer
description: Number of non-employee records associated with this source.
format: int32
example: 120
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}':
get:
operationId: getNonEmployeeSource
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Source
description: |-
This gets a non-employee source. There are two contextual uses for the requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request any source.
2. The current user is an account manager, in which case the user can only
request sources that they own.
parameters:
- in: path
name: sourceId
description: Source Id
example: 2c91808b7c28b350017c2a2ec5790aa1
required: true
schema:
type: string
responses:
'200':
description: Non-Employee source object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeSource
tags:
- Non-Employee Lifecycle Management
summary: Patch a Non-Employee Source
description: 'patch a non-employee source. (partial update) Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`.'
parameters:
- in: path
name: sourceId
description: Source Id
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
description: 'A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value:
new name: null
- op: replace
path: /approvers
value:
- 2c91809f703bb37a017040a2fe8748c7
- 48b1f463c9e8427db5a5071bd81914b8
responses:
'200':
description: A patched non-employee source object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSource
tags:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Source
description: 'This request will delete a non-employee source. Requires role context of `idn:nesr:delete`.'
parameters:
- in: path
name: sourceId
description: Source Id
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employees/download':
get:
operationId: exportNonEmployeeRecords
tags:
- Non-Employee Lifecycle Management
summary: Exports Non-Employee Records to CSV
description: 'This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read`'
parameters:
- in: path
name: id
description: Source Id (UUID)
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
responses:
'200':
description: Exported CSV
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employee-bulk-upload':
post:
operationId: importNonEmployeeRecordsInBulk
security:
- UserContextAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: 'Imports, or Updates, Non-Employee Records'
description: 'This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create`'
parameters:
- in: path
name: id
description: Source Id (UUID)
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
data:
type: string
format: binary
required:
- data
responses:
'202':
description: The CSV was accepted to be bulk inserted now or at a later time.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The bulk upload job's ID. (UUID)
example: 2c91808568c529c60168cca6f90cffff
sourceId:
type: string
description: The ID of the source to bulk-upload non-employees to. (UUID)
example: 2c91808568c529c60168cca6f90c1313
created:
type: string
format: date-time
description: The date-time the job was submitted.
example: '2019-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: The date-time that the job was last updated.
example: '2019-08-23T18:52:59.162Z'
status:
type: string
enum:
- PENDING
- IN_PROGRESS
- COMPLETED
- ERROR
description: |
Returns the following values indicating the progress or result of the bulk upload job.
"PENDING" means the job is queued and waiting to be processed.
"IN_PROGRESS" means the job is currently being processed.
"COMPLETED" means the job has been completed without any errors.
"ERROR" means the job failed to process with errors.
example: PENDING
'400':
description: |
Client Error - Returned if the request body is invalid.
The response body will contain the list of specific errors with one on each line.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employee-bulk-upload/status':
get:
operationId: getNonEmployeeBulkUploadStatus
tags:
- Non-Employee Lifecycle Management
summary: Obtain the status of bulk upload on the source
description: |
The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id
description: Source ID (UUID)
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
responses:
'200':
description: 'Status of the newest bulk-upload job, if any.'
content:
application/json:
schema:
type: object
properties:
status:
type: string
enum:
- PENDING
- IN_PROGRESS
- COMPLETED
- ERROR
description: |
Returns the following values indicating the progress or result of the bulk upload job.
"PENDING" means the job is queued and waiting to be processed.
"IN_PROGRESS" means the job is currently being processed.
"COMPLETED" means the job has been completed without any errors.
"ERROR" means the job failed to process with errors.
null means job has been submitted to the source.
example: PENDING
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/schema-attributes-template/download':
get:
operationId: exportNonEmployeeSourceSchemaTemplate
tags:
- Non-Employee Lifecycle Management
summary: Exports Source Schema Template
description: 'This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read`'
parameters:
- in: path
name: id
description: Source Id (UUID)
required: true
example: ef38f94347e94562b5bb8424a56397d8
schema:
type: string
responses:
'200':
description: Exported Source Schema Template
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-approvals:
get:
operationId: listNonEmployeeApprovals
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get List of Non-Employee Approval Requests
description: |-
This gets a list of non-employee approval requests.
There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
can list the approvals for any approver.
2. The user owns the requested approval.
parameters:
- in: query
name: requested-for
schema:
type: string
description: The identity for whom the request was made. *me* indicates the current user.
required: false
example: 2c91808280430dfb0180431a59440460
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**approvalStatus**: *eq*
example: approvalStatus eq "Pending"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
required: false
example: created
responses:
'200':
description: List of approval items.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}':
get:
operationId: getNonEmployeeApproval
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get a non-employee approval item detail
description: |-
Gets a non-employee approval item detail. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
can get any approval.
2. The user owns the requested approval.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
- in: query
name: include-detail
description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*
required: false
schema:
type: boolean
example: true
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
description: Non-Employee request associated to this approval
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5555555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
schemaAttributes:
description: List of schema attributes associated with this non-employee source.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
data:
type: object
additionalProperties:
type: string
description: Attribute blob/bag for a non-employee.
example:
description: Auditing
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date
description: Non-Employee employment start date.
example: '2020-03-24'
endDate:
type: string
format: date
description: Non-Employee employment end date.
example: '2021-03-25'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}/approve':
post:
operationId: approveNonEmployeeRequest
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Approve a Non-Employee Request
description: Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
description: Comment on the approval item.
maxLength: 4000
example: Approved by manager
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}/reject':
post:
operationId: rejectNonEmployeeRequest
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Reject a Non-Employee Request
description: This endpoint will reject an approval item request and notify user. The current user must be the requested approver.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
description: Comment on the approval item.
maxLength: 4000
example: approved
required:
- comment
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/summary/{requested-for}':
get:
operationId: getNonEmployeeApprovalSummary
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests
description: |-
This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.
2. The current user is an approver, in which case "me" should be provided
as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.
parameters:
- in: path
name: requested-for
schema:
type: string
description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user.
required: true
example: 2c91808280430dfb0180431a59440460
responses:
'200':
description: summary of non-employee approval requests
content:
application/json:
schema:
type: object
properties:
approved:
type: integer
description: The number of approved non-employee approval requests.
format: int32
example: 2
pending:
type: integer
description: The number of pending non-employee approval requests.
format: int32
example: 2
rejected:
type: integer
description: The number of rejected non-employee approval requests.
format: int32
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}/schema-attributes':
get:
operationId: getNonEmployeeSourceSchemaAttributes
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List Schema Attributes Non-Employee Source
description: |-
This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.
Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
'200':
description: A list of Schema Attributes
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
maxItems: 18
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createNonEmployeeSourceSchemaAttributes
tags:
- Non-Employee Lifecycle Management
summary: Create a new Schema Attribute for Non-Employee Source
description: |-
This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response.
Requires role context of `idn:nesr:create`
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: Type of the attribute. Only type 'TEXT' is supported for custom attributes.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
responses:
'200':
description: Schema Attribute created.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSourceSchemaAttributes
tags:
- Non-Employee Lifecycle Management
summary: Delete all custom schema attributes for Non-Employee Source
description: 'This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete`'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: All custon Schema Attributes were successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}/schema-attributes/{attributeId}':
get:
operationId: getNonEmployeeSchemaAttribute
security:
- UserContextAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get Schema Attribute Non-Employee Source
description: 'This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source.'
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
example: ef38f94347e94562b5bb8424a56397d8
description: The Schema Attribute Id (UUID)
- in: path
name: sourceId
schema:
type: string
required: true
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
'200':
description: The Schema Attribute
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeSchemaAttribute
tags:
- Non-Employee Lifecycle Management
summary: Patch a Schema Attribute for Non-Employee Source
description: |
This end-point patches a specific schema attribute for a non-employee SourceId.
Requires role context of `idn:nesr:update`
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
description: The Schema Attribute Id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: sourceId
schema:
type: string
required: true
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update '':'' ''label'', ''helpText'', ''placeholder'', ''required''.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /label
value:
new attribute label: null
required: true
responses:
'200':
description: The Schema Attribute was successfully patched.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSchemaAttribute
tags:
- Non-Employee Lifecycle Management
summary: Delete a Schema Attribute for Non-Employee Source
description: |
This end-point deletes a specific schema attribute for a non-employee source.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
description: The Schema Attribute Id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: sourceId
schema:
type: string
required: true
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: The Schema Attribute was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/oauth-clients:
get:
operationId: listOauthClients
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: List OAuth Clients
description: This gets a list of OAuth clients.
parameters:
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**lastUsed**: *le, isnull*
example: 'lastUsed le 2023-02-05T10:59:27.214Z'
responses:
'200':
description: List of OAuth clients.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Create OAuth Client
description: This creates an OAuth client.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
nullable: true
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
description: The number of seconds an access token generated for this API Client is valid for
type: integer
format: int32
example: 750
refreshTokenValiditySeconds:
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
type: integer
format: int32
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.
example:
- 'http://localhost:12345'
grantTypes:
type: array
nullable: true
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal within the product.
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: 'Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it.'
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- name
- description
- accessTokenValiditySeconds
- grantTypes
- accessType
- enabled
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
secret:
type: string
description: Secret of the OAuth client (This field is only returned on the intial create call.)
example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3
businessName:
type: string
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
description: The number of seconds an access token generated for this API Client is valid for
example: 750
type: integer
format: int32
refreshTokenValiditySeconds:
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
type: integer
format: int32
redirectUris:
type: array
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- secret
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/oauth-clients/{id}':
get:
operationId: getOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
- 'sp:oauth-client:read'
tags:
- OAuth Clients
summary: Get OAuth Client
description: This gets details of an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Delete OAuth Client
description: This deletes an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchOauthClient
security:
- UserContextAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Patch OAuth Client
description: This performs a targeted update to the field(s) of an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* tenant
* businessName
* homepageUrl
* name
* description
* accessTokenValiditySeconds
* refreshTokenValiditySeconds
* redirectUris
* grantTypes
* accessType
* enabled
* strongAuthSupported
* claimsSupported
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /strongAuthSupported
value: true
- op: replace
path: /businessName
value: acme-solar
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the OAuth client''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-sync-groups:
get:
operationId: getPasswordSyncGroups
tags:
- Password Sync Groups
summary: Get Password Sync Group List
description: This API returns a list of password sync groups. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of password sync groups.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPasswordSyncGroup
tags:
- Password Sync Groups
summary: Create Password Sync Group
description: This API creates a password sync group based on the specifications provided. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-sync-groups/{id}':
get:
operationId: getPasswordSyncGroup
tags:
- Password Sync Groups
summary: Get Password Sync Group by ID
description: This API returns the sync group for the specified ID. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password sync group to retrieve.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 1
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updatePasswordSyncGroup
tags:
- Password Sync Groups
summary: Update Password Sync Group by ID
description: This API updates the specified password sync group. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password sync group to update.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePasswordSyncGroup
tags:
- Password Sync Groups
summary: Delete Password Sync Group by ID
description: This API deletes the specified password sync group. A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:password-sync-group-management:write'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of password sync group to delete.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/personal-access-tokens:
get:
operationId: listPersonalAccessTokens
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:read'
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:read'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: List Personal Access Tokens
description: 'This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the ''idn:all-personal-access-tokens:read'' right.'
parameters:
- in: query
name: owner-id
description: |-
The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'
If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'.
If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'
required: false
schema:
type: string
default: null
example: 2c9180867b50d088017b554662fb281e
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**lastUsed**: *le, isnull*
example: 'lastUsed le 2023-02-05T10:59:27.214Z'
responses:
'200':
description: List of personal access tokens.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
managed:
type: boolean
default: false
example: false
description: 'If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows.'
required:
- id
- name
- scope
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPersonalAccessToken
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Create Personal Access Token
description: This creates a personal access token.
requestBody:
description: Name and scope of personal access token.
required: true
content:
application/json:
schema:
type: object
description: Object for specifying the name of a personal access token to create
properties:
name:
type: string
description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: 'Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it.'
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
required:
- name
responses:
'200':
description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
secret:
type: string
description: The secret of the personal access token (to be used as the password for Basic Auth).
example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
required:
- id
- secret
- scope
- name
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/personal-access-tokens/{id}':
patch:
operationId: patchPersonalAccessToken
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Patch Personal Access Token
description: This performs a targeted update to the field(s) of a Personal Access Token.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Personal Access Token id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* scope
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value: New name
- op: replace
path: /scope
value:
- 'sp:scopes:all'
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the PAT''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
managed:
type: boolean
default: false
example: false
description: 'If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows.'
required:
- id
- name
- scope
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePersonalAccessToken
security:
- UserContextAuth:
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Delete Personal Access Token
description: This deletes a personal access token.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/public-identities:
get:
operationId: getPublicIdentities
tags:
- Public Identities
summary: Get a list of public identities
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**alias**: *eq, sw*
**email**: *eq, sw*
**firstname**: *eq, sw*
**lastname**: *eq, sw*
example: firstname eq "John"
- in: query
name: add-core-filters
description: |-
If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:
- Should be either correlated or protected.
- Should not be "spadmin" or "cloudadmin".
- uid should not be null.
- lastname should not be null.
- email should not be null.
required: false
example: false
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
responses:
'200':
description: A list of public identity objects.
content:
application/json:
schema:
type: array
items:
type: object
title: Public Identity
description: Details about a public identity
properties:
id:
type: string
description: Identity id
example: 2c9180857182305e0171993735622948
name:
type: string
description: Human-readable display name of identity.
example: Alison Ferguso
alias:
type: string
description: Alternate unique identifier for the identity.
example: alison.ferguso
email:
nullable: true
type: string
description: Email address of identity.
example: alison.ferguso@acme-solar.com
status:
nullable: true
type: string
description: The lifecycle status for the identity
example: Active
identityState:
nullable: true
type: string
enum:
- ACTIVE
- INACTIVE_SHORT_TERM
- INACTIVE_LONG_TERM
- null
example: ACTIVE
description: |
The current state of the identity, which determines how Identity Security Cloud interacts with the identity.
An identity that is Active will be included identity picklists in Request Center, identity processing, and more.
Identities that are Inactive will be excluded from these features.
manager:
description: An identity reference to the manager of this identity
type: object
nullable: true
properties:
type:
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
attributes:
type: array
description: The public identity attributes of the identity
items:
type: object
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: Human-readable display name of the attribute
example: Country
value:
type: string
description: The attribute value
example: US
example:
- id: 2c9180857182305e0171993735622948
name: Alison Ferguso
alias: alison.ferguso
email: alison.ferguso@acme-solar.com
status: Active
manager:
type: IDENTITY
id: 2c9180a46faadee4016fb4e018c20639
name: Thomas Edison
attributes:
- key: phone
name: Phone
value: '5125551234'
- key: country
name: Country
value: US
- id: 2c9180a46faadee4016fb4e018c20639
name: Thomas Edison
alias: thomas.edison
email: thomas.edison@acme-solar.com
status: Active
manager:
type: IDENTITY
id: 2c918086676d3e0601677611dbde220f
name: Mister Manager
attributes:
- key: phone
name: Phone
value: '5125554321'
- key: country
name: Country
value: US
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/public-identities-config:
get:
operationId: getPublicIdentityConfig
tags:
- Public Identities Config
summary: Get the Public Identities Configuration
description: Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API.
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
properties:
attributes:
type: array
description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: The attribute display name
example: Country
modified:
nullable: true
type: string
description: When this configuration was last modified.
format: date-time
example: '2018-06-25T20:22:28.104Z'
modifiedBy:
description: The identity who last modified this configuration.
type: object
nullable: true
properties:
type:
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updatePublicIdentityConfig
tags:
- Public Identities Config
summary: Update the Public Identities Configuration
description: Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
properties:
attributes:
type: array
description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: The attribute display name
example: Country
modified:
nullable: true
type: string
description: When this configuration was last modified.
format: date-time
example: '2018-06-25T20:22:28.104Z'
modifiedBy:
description: The identity who last modified this configuration.
type: object
nullable: true
properties:
type:
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
properties:
attributes:
type: array
description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: The attribute display name
example: Country
modified:
nullable: true
type: string
description: When this configuration was last modified.
format: date-time
example: '2018-06-25T20:22:28.104Z'
modifiedBy:
description: The identity who last modified this configuration.
type: object
nullable: true
properties:
type:
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/requestable-objects:
get:
operationId: listRequestableObjects
tags:
- Requestable Objects
summary: Requestable Objects List
description: |-
This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param.
Any authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity.
parameters:
- in: query
name: identity-id
required: false
schema:
type: string
example: e7eab60924f64aa284175b9fa3309599
description: |-
If present, the value returns only requestable objects for the specified identity.
* Admin users can call this with any identity ID value.
* Non-admin users can only specify *me* or pass their own identity ID value.
* If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.
- in: query
name: types
description: 'Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.'
required: false
schema:
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
example: 'ROLE,ACCESS_PROFILE'
explode: false
- in: query
name: term
required: false
schema:
type: string
example: Finance Role
description: 'It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.'
- in: query
name: statuses
description: 'Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.'
required: false
schema:
type: array
items:
type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
explode: false
example:
- ASSIGNED
- PENDING
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: name sw "bob"
description: |
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
example: name
description: |
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
responses:
'200':
description: List of requestable objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the requestable object itself
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Human-readable display name of the requestable object
example: Applied Research Access
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: The time when the requestable object was created
modified:
nullable: true
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: The time when the requestable object was last modified
description:
type: string
description: Description of the requestable object.
example: 'Access to research information, lab results, and schematics.'
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
requestStatus:
allOf:
- type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
- nullable: true
identityRequestId:
type: string
description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.'
nullable: true
example: null
ownerRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
requestCommentsRequired:
type: boolean
description: Whether the requester must provide comments when requesting the object.
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles:
get:
operationId: listRoles
tags:
- Roles
summary: List Roles
description: |-
This API returns a list of Roles.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: for-subadmin
schema:
type: string
description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.'
example: 5168015d32f890ca15812c9180835d2e
required: false
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
example: requestable eq false
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.'
example: false
required: false
responses:
'200':
description: List of Roles
content:
application/json:
schema:
type: array
items:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
post:
operationId: createRole
tags:
- Roles
summary: Create a Role
description: |-
This API creates a role.
You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to call this API.
In addition, a ROLE_SUBADMIN may not create a role including an access profile if that access profile is associated with a source the ROLE_SUBADMIN is not associated with themselves.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles. However, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
required:
- name
- owner
responses:
'201':
description: Role created
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
'/roles/{id}':
get:
operationId: getRole
tags:
- Roles
summary: Get a Role
description: |-
This API returns a Role by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Role
example: 2c91808a7813090a017814121e121518
responses:
'200':
description: List of all Roles
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
patch:
operationId: patchRole
tags:
- Roles
summary: Patch a specified Role
description: |-
This API updates an existing role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable: * name * description * enabled * owner * accessProfiles * membership * requestable * accessRequestConfig * revokeRequestConfig * segments
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
When you use this API to modify a role's membership identities, you can only modify up to a limit of 500 membership identities at a time.
parameters:
- name: id
in: path
description: ID of the Role to patch
required: true
schema:
type: string
example: 2c91808a7813090a017814121e121518
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Make a Role Requestable and Enable it in One Call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /requestable
value: true
- op: replace
path: /enabled
value: true
Assign a Role to a Segment:
description: This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array.
value:
- op: add
path: /segments/-
value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19
Set the Membership Selection Criteria to a List of Identities:
description: 'This example shows how to define a Role''s membershp by providing a list of Identities, referenced by their IDs.'
value:
- op: replace
path: /membership
value:
type: IDENTITY_LIST
identities:
- id: 2c91808973fe906c0174262092014ed9
- id: 2c918086262092014ed94fb8a47612f3
Set the Membership Selection Criteria to a Standard Expression:
description: 'This example shows how to define a Role''s membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.'
value:
- op: replace
path: /membership
value:
type: STANDARD
criteria:
operation: OR
children:
- operation: EQUALS
key:
type: ENTITLEMENT
property: attribute.memberOf
sourceId: 2c9180887701fb2014213e122092014e
stringValue: Engineering
Add a New Clause as the Child of an Existing Standard Expression:
description: This example shows how to add a child clause to an existing STANDARD criteria expression.
value:
- op: add
path: /membership/criteria/children/-
value:
operation: ENDS_WITH
key:
type: IDENTITY
property: attribute.email
stringValue: '@identitynow.com'
required: true
responses:
'200':
description: Responds with the Role as updated.
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
nullable: true
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
delete:
operationId: deleteRole
tags:
- Roles
summary: Delete a Role
description: |-
This API deletes a Role by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Role
example: 2c91808a7813090a017814121e121518
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
/roles/bulk-delete:
post:
operationId: deleteBulkRoles
summary: Delete Role(s)
tags:
- Roles
description: |-
This endpoint initiates a bulk deletion of one or more roles.
When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information.
This endpoint can only bulk delete up to a limit of 50 roles per request.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this endpoint. In addition, a token with ROLE_SUBADMIN authority can only call this endpoint if all roles included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
roleIds:
description: List of IDs of Roles to be deleted.
type: array
items:
type: string
example:
- 2c9180847812e0b1017817051919ecca
- 2c9180887812e0b201781e129f151816
required:
- roleIds
example:
roleIds:
- 2c91808876438bb2017668b91919ecca
- 2c91808876438ba801766e129f151816
responses:
'202':
description: Returns an object with the id of the task performing the delete operation.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: 1ea1adcb84da4dcb890145e05745774e
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The request was syntactically correct but its content is semantically invalid.
400.1 Role ids limit violation:
description: Role ids limit violation response
value:
detailCode: 400.1 Bad Request Content
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: roleIds count exceeded max limit of 50 for bulk-delete.
400.1.404 Referenced object not found:
description: Referenced object not found response
value:
detailCode: 400.1.404 Referenced object not found
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'Referenced roleIds ["2c91808876438bb2017668b91919ecca"] was not found.'
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
'/roles/{id}/assigned-identities':
get:
operationId: getRoleAssignedIdentities
tags:
- Roles
summary: List Identities assigned a Role
parameters:
- in: path
name: id
schema:
type: string
description: ID of the Role for which the assigned Identities are to be listed
example: 2c91808a7813090a017814121e121518
required: true
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**aliasName**: *eq, sw*
**email**: *eq, sw*
**name**: *eq, sw, co*
example: name sw Joe
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, aliasName, email**
example: 'aliasName,name'
responses:
'200':
description: List of Identities assigned the Role
content:
application/json:
schema:
type: array
items:
type: object
description: A subset of the fields of an Identity which is a member of a Role.
properties:
id:
type: string
description: The ID of the Identity
example: 2c9180a46faadee4016fb4e018c20639
aliasName:
type: string
description: The alias / username of the Identity
example: t.edison
name:
type: string
description: The human-readable display name of the Identity
example: Thomas Edison
email:
type: string
description: Email address of the Identity
example: t.edison@identitynow.com
roleAssignmentSource:
type: string
enum:
- ACCESS_REQUEST
- ROLE_MEMBERSHIP
description: Type which indicates how a particular Identity obtained a particular Role
example: ACCESS_REQUEST
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
/saved-searches:
post:
security:
- UserContextAuth:
- 'sp:saved-search:create'
tags:
- Saved Search
description: |
Creates a new saved search.
summary: Create a saved search
operationId: createSavedSearch
requestBody:
description: The saved search to persist.
content:
application/json:
schema:
allOf:
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
required: true
responses:
'201':
description: The persisted saved search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
security:
- UserContextAuth:
- 'sp:saved-search:read'
tags:
- Saved Search
description: |
Returns a list of saved searches.
summary: A list of Saved Searches
operationId: listSavedSearches
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: filters
in: query
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**owner.id**: *eq*
example: owner.id eq "7a724640-0c17-4ce9-a8c3-4a89738459c8"
responses:
'200':
description: The list of requested saved searches.
content:
application/json:
schema:
type: array
items:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
headers:
X-Total-Count:
description: The total result count (returned only if the *count* parameter is specified as *true*).
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/saved-searches/{id}':
put:
tags:
- Saved Search
description: |
Updates an existing saved search.
>**NOTE: You cannot update the `owner` of the saved search.**
summary: |
Updates an existing saved search
operationId: putSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
requestBody:
description: The saved search to persist.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
required: true
responses:
'200':
description: The persisted saved search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
tags:
- Saved Search
description: |
Returns the specified saved search.
summary: Return saved search by ID
operationId: getSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
responses:
'200':
description: The requested saved search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
tags:
- Saved Search
description: |
Deletes the specified saved search.
summary: Delete document by ID
operationId: deleteSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
responses:
'204':
description: No Content - Indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/saved-searches/{id}/execute':
post:
tags:
- Saved Search
description: |
Executes the specified saved search.
summary: Execute a saved search by ID
operationId: executeSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
requestBody:
description: |
When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search.
If *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided.
content:
application/json:
schema:
type: object
properties:
scheduleId:
description: |
The ID of the scheduled search that triggered the saved search execution.
type: string
example: 7a724640-0c17-4ce9-a8c3-4a89738459c8
owner:
description: |
The owner of the scheduled search being tested.
allOf:
- type: object
description: |
A typed reference to the object.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
recipients:
description: |
The email recipients of the scheduled search being tested.
type: array
items:
type: object
description: |
A typed reference to the object.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
examples:
scheduled:
summary: Triggered by Scheduled Search
value:
scheduleId: 7a724640-0c17-4ce9-a8c3-4a89738459c8
test:
summary: Triggered by UI Test
value:
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
recipients:
- type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
required: true
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/scheduled-searches:
post:
tags:
- Scheduled Search
description: |
Creates a new scheduled search.
summary: Create a new scheduled search
operationId: createScheduledSearch
requestBody:
description: The scheduled search to persist.
content:
application/json:
schema:
allOf:
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
examples:
Daily Search:
description: A search that executes each day at a 9 AM
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: DAILY
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Weekly Search:
description: A search that executes each week on select days and times
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: WEEKLY
days:
type: LIST
values:
- MON
- TUE
- WED
- THU
- FRI
- SAT
- SUN
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Monthly Search:
description: A search that executes each month on select days and times
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: MONTHLY
days:
type: LIST
values:
- '1'
- '7'
- '14'
- L
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Annual Search:
description: 'A search that executes each year on the defined months, days, and times.'
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: ANNUALLY
months:
type: LIST
values:
- '1'
interval: 3
days:
type: LIST
values:
- '1'
- '7'
- '14'
- L
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Calendar Search:
description: A search that executes on specific calendar days
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: CALENDAR
days:
type: LIST
values:
- '2023-01-22'
- '2023-02-22'
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
required: true
responses:
'201':
description: The persisted scheduled search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
tags:
- Scheduled Search
description: |
Returns a list of scheduled searches.
summary: List scheduled searches
operationId: listScheduledSearch
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: filters
in: query
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**owner.id**: *eq*
**savedSearchId**: *eq*
example: savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"
responses:
'200':
description: The list of requested scheduled searches.
content:
application/json:
schema:
type: array
items:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
headers:
X-Total-Count:
description: The total result count (returned only if the *count* parameter is specified as *true*).
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/scheduled-searches/{id}':
put:
tags:
- Scheduled Search
description: |
Updates an existing scheduled search.
summary: Update an existing Scheduled Search
operationId: updateScheduledSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
requestBody:
description: The scheduled search to persist.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
required: true
responses:
'200':
description: The persisted scheduled search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
tags:
- Scheduled Search
description: Returns the specified scheduled search.
summary: Get a Scheduled Search
operationId: getScheduledSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
responses:
'200':
description: The requested scheduled search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
tags:
- Scheduled Search
description: |
Deletes the specified scheduled search.
operationId: deleteScheduledSearch
summary: Delete a Scheduled Search
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
responses:
'204':
description: No Content - Indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/scheduled-searches/{id}/unsubscribe':
post:
tags:
- Scheduled Search
description: |
Unsubscribes a recipient from the specified scheduled search.
operationId: unsubscribeScheduledSearch
summary: Unsubscribe a recipient from Scheduled Search
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
requestBody:
description: |
The recipient to be removed from the scheduled search.
content:
application/json:
schema:
type: object
description: |
A typed reference to the object.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
required: true
responses:
'204':
description: No Content - Indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/search:
post:
tags:
- Search
description: 'Performs a search with the provided query and returns a matching result collection. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. '
externalDocs:
description: Learn more about search.
url: 'https://documentation.sailpoint.com/saas/help/search/index.html'
operationId: searchPost
security:
- UserContextAuth:
- 'sp:search:read'
summary: Perform Search
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 10000
schema:
type: integer
format: int32
minimum: 0
maximum: 10000
default: 10000
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: array
items:
type: string
example:
- name
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
examples:
query-fields:
summary: Query with Fields
value:
indices:
- identities
query:
query: '"John Doe"'
fields:
- name
query-timeZone:
summary: Query with TimeZone
value:
indices:
- identities
query:
query: 'created: [2022-05-19T19:26:03.351Z TO now]'
timeZone: America/Los_Angeles
query-innerHit:
summary: Query with InnerHit
value:
indices:
- identities
query:
query: '"John Doe"'
innerHit:
type: access
query: 'source.name:\"Active Directory\"'
typeAheadQuery:
summary: TypeAheadQuery
value:
indices:
- identities
queryType: TYPEAHEAD
typeAheadQuery:
field: name
query: Jo
maxExpansions: 50
size: 100
sort: desc
sortByValue: false
typeAheadQuery-nestedType:
summary: TypeAheadQuery with NestedType
value:
indices:
- identities
queryType: TYPEAHEAD
typeAheadQuery:
field: source.name
nestedType: access
query: Work
maxExpansions: 50
size: 100
sort: desc
sortByValue: false
filter-exists:
summary: Filter with Exists
value:
indices:
- identities
query:
query: 'attributes.city:London'
filters:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
filter-range:
summary: Filter with Range
value:
indices:
- identities
query:
query: 'attributes.city:London'
timeZone: Europe/London
filters:
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
filter-terms:
summary: Filter with Terms
value:
indices:
- identities
query:
query: 'attributes.city:London'
filters:
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
required: true
responses:
'200':
description: List of matching documents.
content:
application/json:
schema:
type: array
items:
discriminator:
propertyName: _type
mapping:
accessprofile: ../model/access/profile/AccessProfileDocument.yaml
accountactivity: ../model/account/activity/AccountActivityDocument.yaml
entitlement: ../model/entitlement/EntitlementDocument.yaml
event: ../model/event/EventDocument.yaml
identity: ../model/identity/IdentityDocument.yaml
role: ../model/role/RoleDocument.yaml
oneOf:
- description: 'More complete representation of an access profile. '
allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
_type:
description: |-
Access profile's document type.
This enum represents the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: accessprofile
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: AccountActivity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
origin:
type: string
description: Activity's origin.
nullable: true
example: null
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
created:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: string
description: The result of the approval
example: Finished
type:
type: string
nullable: true
example: null
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
description: Operation used.
example: add
source:
description: Account's source.
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- description: Entitlement
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
identityCount:
type: integer
description: Number of identities who have access to the entitlement.
format: int32
example: 3
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Event
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: update
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: SYSTEM_CONFIG
actor:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: REQUEST
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: AUTHENTICATION_REQUEST_PASSED
- description: Identity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
processingState:
type: string
description: Identity's processing state.
nullable: true
example: null
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Role
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
properties:
accessProfiles:
type: array
description: Access profiles included with the role.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements included with the role.
format: int32
example: 3
examples:
accessProfiles:
summary: A collection of AccessProfiles
value:
- id: 2c9180825a6c1adc015a71c9023f0818
name: Cloud Eng
_type: accessprofile
description: Cloud Eng
created: '2017-02-24T20:21:23.145Z'
modified: '2019-05-24T20:36:04.312Z'
synced: '2020-02-18T05:30:20.414Z'
enabled: true
requestable: true
requestCommentsRequired: false
owner:
id: ff8081815757d36a015757d42e56031e
name: SailPoint Support
type: IDENTITY
email: cloud-support@sailpoint.com
source:
id: ff8081815757d4fb0157588f3d9d008f
name: Employees
entitlements:
- id: 2c918084575812550157589064f33b89
name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
description: mull
attribute: memberOf
value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount: 1
tags:
- TAG_1
- TAG_2
entitlements:
summary: A collection of Entitlements
value:
- id: 2c9180946ed0c43d016eec1a80892fbd
name: entitlement.aa415ae7
_type: entitlement
description: 'null'
attribute: groups
value: entitlement.aa415ae7
modified: '2019-12-09T19:19:50.154Z'
synced: '2020-02-19T04:30:32.906Z'
displayName: entitlement.aa415ae7
source:
id: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name: ODS-HR-Employees
privileged: false
identityCount: 68
tags:
- TAG_1
- TAG_2
events:
summary: A collection of Events
value:
- id: e092842f-c904-4b59-aac8-2544abeeef4b
name: Update Task Schedule Passed
_type: event
created: '2020-02-17T16:23:18.327Z'
synced: '2020-02-17T16:23:18.388Z'
action: TASK_SCHEDULE_UPDATE_PASSED
type: SYSTEM_CONFIG
actor:
name: MantisTaskScheduler
target:
name: Perform provisioning activity search delete synchronization
stack: tpe
trackingNumber: c6b98bc39ece48b080826d16c76b166c
ipAddress: 207.189.160.158
details: 'null'
attributes:
sourceName: SailPoint
objects:
- TASK
- SCHEDULE
operation: UPDATE
status: PASSED
technicalName: TASK_SCHEDULE_UPDATE_PASSED
identities:
summary: A collection of Identities
value:
- id: 2c9180865c45e7e3015c46c434a80622
name: ad.admin
_type: identity
firstName: AD
lastName: Admin
displayName: AD Admin
email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
created: '2018-08-22T19:54:54.302Z'
modified: '2018-08-22T19:54:54.302Z'
synced: '2018-08-22T19:54:54.302Z'
phone: 512-942-7578
inactive: false
protected: false
status: UNREGISTERED
employeeNumber: O349804
manager: null
isManager: false
identityProfile:
id: 2c918085605c8d0601606f357cb231e6
name: E2E AD
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
attributes:
uid: ad.admin
firstname: AD
cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202
cloudStatus: UNREGISTERED
iplanet-am-user-alias-list: null
displayName: AD Admin
internalCloudStatus: UNREGISTERED
workPhone: 512-942-7578
email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
lastname: Admin
processingState: null
processingDetails: null
accounts:
- id: 2c9180865c45e7e3015c46c434a80623
name: ad.admin
accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local'
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
passwordLastSet: '2018-08-22T19:54:54.302Z'
entitlementAttributes:
memberOf:
- 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local'
- 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
created: '2018-08-22T19:54:54.302Z'
- id: 2c918083606d670c01606f35a30a0349
name: ad.admin
accountId: ad.admin
source:
id: ff8081815c46b85b015c46b90c7c02a6
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
passwordLastSet: null
entitlementAttributes: null
created: '2018-08-22T19:54:54.302Z'
accountCount: 2
apps:
- id: '22751'
name: ADP Workforce Now
source:
id: 2c9180855c45b230015c46e2f6a8026a
name: Corporate Active Directory
account:
id: 2c9180865c45efa4015c470be0de1606
accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
appCount: 1
access:
- id: 2c918083634bc6cb01639808d40270ba
name: 'test [AccessProfile-1527264105448]'
displayName: test
type: ACCESS_PROFILE
description: test
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
owner:
id: 2c9180865c45e7e3015c46c434a80622
name: ad.admin
displayName: AD Admin
- id: 2c9180865c45e7e3015c46c457c50755
name: Administrators
displayName: Administrators
type: ENTITLEMENT
description: null
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
privileged: false
attribute: memberOf
value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
standalone: false
- id: 2c9180865decdaa5015e06598b293108
name: 'test [cloudRole-1503345085223]'
displayName: test
type: ROLE
description: test
owner:
id: 2c9180865c45e7e3015c46c5030707a0
name: will.albin
displayName: Albin Will
disabled: false
accessCount: 3
accessProfileCount: 1
entitlementCount: 1
roleCount: 1
tags:
- TAG_1
- TAG_2
roles:
summary: A collection of Roles
value:
- id: 2c91808c6faadea6016fb4f2bc69077b
name: IT Role
_type: role
description: IT role
created: '2020-01-17T19:20:15.040Z'
modified: null
synced: '2020-02-18T05:30:20.145Z'
enabled: true
requestable: false
requestCommentsRequired: false
owner:
id: 2c9180a46faadee4016fb4e018c20639
name: Cloud Support
type: IDENTITY
email: thomas.edison@acme-solar.com
accessProfiles:
- id: 2c91809c6faade77016fb4f0b63407ae
name: Admin Access
accessProfileCount: 1
tags:
- TAG_1
- TAG_2
headers:
X-Total-Count:
schema:
type: integer
description: The total result count (returned only if the *count* parameter is specified as *true*).
example: 30
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/search/count:
post:
tags:
- Search
description: Performs a search with a provided query and returns the count of results in the X-Total-Count header.
operationId: searchCount
security:
- UserContextAuth:
- 'sp:search:read'
summary: Count Documents Satisfying a Query
requestBody:
content:
application/json:
schema:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: array
items:
type: string
example:
- name
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
examples:
query-timeZone:
summary: Query with TimeZone
value:
indices:
- identities
query:
query: 'created: [2022-05-19T19:26:03.351Z TO now]'
timeZone: America/Los_Angeles
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/search/aggregate:
post:
tags:
- Search
description: 'Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. '
operationId: searchAggregate
security:
- UserContextAuth:
- 'sp:search:read'
summary: Perform a Search Query Aggregation
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: array
items:
type: string
example:
- name
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
examples:
metricAggregation:
summary: MetricAggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
metric:
name: How Many Locations
type: UNIQUE_COUNT
field: attributes.city
metricAggregation-dsl:
summary: MetricAggregation using DSL
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
How Many Locations:
cardinality:
field: attributes.city.exact
bucketAggregation:
summary: BucketAggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
bucket:
name: Identity Locations
type: TERMS
field: attributes.city
bucketAggregation-dsl:
summary: BucketAggregation using DSL
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
Identity Locations:
terms:
field: attributes.city.exact
nestedAggregation-bucketAggregation:
summary: NestedAggregation with BucketAggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
nested:
name: Access
field: access
type: TERMS
bucket:
name: Access Source Name
type: TERMS
field: access.source.name
nestedAggregation-bucketAggregation-dsl:
summary: NestedAggregation with BucketAggregation using DSL
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
access:
nested:
path: access
aggs:
Access Source Name:
terms:
field: access.source.name.exact
nestedAggregation-filterAggregation-bucketAggregation:
summary: NestedAggregation with FilterAggregation and BucketAggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
nested:
name: Access
field: access
type: TERMS
filter:
name: Entitlements
field: access.type
value: ENTITLEMENT
bucket:
name: Access Name
type: TERMS
field: access.name
nestedAggregation-filterAggregation-bucketAggregation-dsl:
summary: NestedAggregation with FilterAggregation and BucketAggregation using DSL
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
access:
nested:
path: access
aggs:
Entitlements:
filter:
term:
access.type: ENTITLEMENT
aggs:
Access Name:
terms:
field: access.name.exact
bucketAggregation-subAggregation:
summary: BucketAggregation with SubAggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
bucket:
name: Identity Department
type: TERMS
field: attributes.department
subAggregation:
bucket:
name: Identity Locations
type: TERMS
field: attributes.city
bucketAggregation-subAggregation-dsl:
summary: BucketAggregation with SubAggregation using DSL
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
Identity Department:
terms:
field: attributes.department.exact
aggs:
Identity Locations:
terms:
field: attributes.city.exact
required: true
responses:
'200':
description: Aggregation results.
content:
application/json:
schema:
type: object
properties:
aggregations:
type: object
description: |
The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run.
See Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information.
example:
Identity Locations:
buckets:
- key: Austin
doc_count: 109
- key: London
doc_count: 64
- key: San Jose
doc_count: 27
- key: Brussels
doc_count: 26
- key: Sao Paulo
doc_count: 24
- key: Munich
doc_count: 23
- key: Singapore
doc_count: 22
- key: Tokyo
doc_count: 20
- key: Taipei
doc_count: 16
hits:
description: |
The results of the aggregation search query.
type: array
items:
discriminator:
propertyName: _type
mapping:
accessprofile: ../model/access/profile/AccessProfileDocument.yaml
accountactivity: ../model/account/activity/AccountActivityDocument.yaml
entitlement: ../model/entitlement/EntitlementDocument.yaml
event: ../model/event/EventDocument.yaml
identity: ../model/identity/IdentityDocument.yaml
role: ../model/role/RoleDocument.yaml
oneOf:
- description: 'More complete representation of an access profile. '
allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
_type:
description: |-
Access profile's document type.
This enum represents the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: accessprofile
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: AccountActivity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
origin:
type: string
description: Activity's origin.
nullable: true
example: null
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
created:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: string
description: The result of the approval
example: Finished
type:
type: string
nullable: true
example: null
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
description: Operation used.
example: add
source:
description: Account's source.
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- description: Entitlement
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
identityCount:
type: integer
description: Number of identities who have access to the entitlement.
format: int32
example: 3
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Event
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: update
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: SYSTEM_CONFIG
actor:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: REQUEST
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: AUTHENTICATION_REQUEST_PASSED
- description: Identity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
processingState:
type: string
description: Identity's processing state.
nullable: true
example: null
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Role
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
properties:
accessProfiles:
type: array
description: Access profiles included with the role.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements included with the role.
format: int32
example: 3
text/csv:
schema:
description: |
If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*,
the aggregation result will be returned as a CSV document.
type: string
example:
- 'Identity Locations,Count'
- 'Munich,23'
- 'Brussels,26'
- 'Singapore,22'
- 'Tokyo,20'
- 'Taipei,16'
- 'London,64'
- 'Austin,109'
- 'Sao Paulo,24'
- 'San Jose,27'
headers:
X-Total-Count:
description: The total result count (returned only if the *count* parameter is specified as *true*).
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/search/{index}/{id}':
get:
tags:
- Search
description: 'Fetches a single document from the specified index, using the specified document ID.'
operationId: searchGet
security:
- UserContextAuth:
- 'sp:search:read'
summary: Get a Document by ID
parameters:
- in: path
name: index
description: |
The index from which to fetch the specified document.
The currently supported index names are: *accessprofiles*, *accountactivities*, *entitlements*, *events*, *identities*, and *roles*.
schema:
type: string
required: true
example: accounts
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
responses:
'200':
description: The requested document.
content:
application/json:
schema:
discriminator:
propertyName: _type
mapping:
accessprofile: ../model/access/profile/AccessProfileDocument.yaml
accountactivity: ../model/account/activity/AccountActivityDocument.yaml
entitlement: ../model/entitlement/EntitlementDocument.yaml
event: ../model/event/EventDocument.yaml
identity: ../model/identity/IdentityDocument.yaml
role: ../model/role/RoleDocument.yaml
oneOf:
- description: 'More complete representation of an access profile. '
allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
_type:
description: |-
Access profile's document type.
This enum represents the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: accessprofile
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: AccountActivity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
origin:
type: string
description: Activity's origin.
nullable: true
example: null
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
created:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: string
description: The result of the approval
example: Finished
type:
type: string
nullable: true
example: null
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
description: Operation used.
example: add
source:
description: Account's source.
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- description: Entitlement
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
identityCount:
type: integer
description: Number of identities who have access to the entitlement.
format: int32
example: 3
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Event
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: update
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: SYSTEM_CONFIG
actor:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: REQUEST
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: AUTHENTICATION_REQUEST_PASSED
- description: Identity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
processingState:
type: string
description: Identity's processing state.
nullable: true
example: null
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Role
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
properties:
accessProfiles:
type: array
description: Access profiles included with the role.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements included with the role.
format: int32
example: 3
examples:
accessProfile:
summary: AccessProfile
value:
id: 2c9180825a6c1adc015a71c9023f0818
name: Cloud Eng
description: Cloud Eng
created: '2017-02-24T20:21:23.145Z'
modified: '2019-05-24T20:36:04.312Z'
synced: '2020-02-18T05:30:20.414Z'
enabled: true
requestable: true
requestCommentsRequired: false
owner:
id: ff8081815757d36a015757d42e56031e
name: SailPoint Support
type: IDENTITY
email: cloud-support@sailpoint.com
source:
id: ff8081815757d4fb0157588f3d9d008f
name: Employees
entitlements:
- id: 2c918084575812550157589064f33b89
name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
description: mull
attribute: memberOf
value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount: 1
tags:
- TAG_1
- TAG_2
entitlement:
summary: Entitlement
value:
id: 2c9180946ed0c43d016eec1a80892fbd
name: entitlement.aa415ae7
description: 'null'
attribute: groups
value: entitlement.aa415ae7
modified: '2019-12-09T19:19:50.154Z'
created: '2018-12-07T01:07:48Z'
synced: '2020-02-19T04:30:32.906Z'
displayName: entitlement.aa415ae7
source:
id: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name: ODS-HR-Employees
owner:
type: IDENTITY
id: 2c9180858315595501831958427e5424
name: Addie Lee
privileged: false
identityCount: 68
tags:
- TAG_1
- TAG_2
event:
summary: Event
value:
id: e092842f-c904-4b59-aac8-2544abeeef4b
name: Update Task Schedule Passed
created: '2020-02-17T16:23:18.327Z'
synced: '2020-02-17T16:23:18.388Z'
action: TASK_SCHEDULE_UPDATE_PASSED
type: SYSTEM_CONFIG
actor:
name: MantisTaskScheduler
target:
name: Perform provisioning activity search delete synchronization
stack: tpe
trackingNumber: c6b98bc39ece48b080826d16c76b166c
ipAddress: 207.189.160.158
details: 'null'
attributes:
sourceName: SailPoint
objects:
- TASK
- SCHEDULE
operation: UPDATE
status: PASSED
technicalName: TASK_SCHEDULE_UPDATE_PASSED
identity:
summary: Identity
value:
id: 2c9180865c45e7e3015c46c434a80622
name: ad.admin
firstName: AD
lastName: Admin
displayName: AD Admin
email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
created: '2018-08-22T19:54:54.302Z'
modified: '2018-08-22T19:54:54.302Z'
synced: '2018-08-22T19:54:54.302Z'
phone: 512-942-7578
inactive: false
protected: false
status: UNREGISTERED
employeeNumber: O349804
manager: null
isManager: false
identityProfile:
id: 2c918085605c8d0601606f357cb231e6
name: E2E AD
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
attributes:
uid: ad.admin
firstname: AD
cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202
cloudStatus: UNREGISTERED
iplanet-am-user-alias-list: null
displayName: AD Admin
internalCloudStatus: UNREGISTERED
workPhone: 512-942-7578
email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
lastname: Admin
processingState: null
processingDetails: null
accounts:
- id: 2c9180865c45e7e3015c46c434a80623
name: ad.admin
accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local'
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
passwordLastSet: '2018-08-22T19:54:54.302Z'
entitlementAttributes:
memberOf:
- 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local'
- 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local'
- 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
created: '2018-08-22T19:54:54.302Z'
- id: 2c918083606d670c01606f35a30a0349
name: ad.admin
accountId: ad.admin
source:
id: ff8081815c46b85b015c46b90c7c02a6
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
passwordLastSet: null
entitlementAttributes: null
created: '2018-08-22T19:54:54.302Z'
accountCount: 2
apps:
- id: '22751'
name: ADP Workforce Now
source:
id: 2c9180855c45b230015c46e2f6a8026a
name: Corporate Active Directory
account:
id: 2c9180865c45efa4015c470be0de1606
accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
appCount: 1
access:
- id: 2c918083634bc6cb01639808d40270ba
name: 'test [AccessProfile-1527264105448]'
displayName: test
type: ACCESS_PROFILE
description: test
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
owner:
id: 2c9180865c45e7e3015c46c434a80622
name: ad.admin
displayName: AD Admin
- id: 2c9180865c45e7e3015c46c457c50755
name: Administrators
displayName: Administrators
type: ENTITLEMENT
description: null
source:
id: 2c9180855c45b230015c46c19b9c0202
name: EndToEnd-ADSource
privileged: false
attribute: memberOf
value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
standalone: false
- id: 2c9180865decdaa5015e06598b293108
name: 'test [cloudRole-1503345085223]'
displayName: test
type: ROLE
description: test
owner:
id: 2c9180865c45e7e3015c46c5030707a0
name: will.albin
displayName: Albin Will
disabled: false
accessCount: 3
accessProfileCount: 1
entitlementCount: 1
roleCount: 1
tags:
- TAG_1
- TAG_2
role:
summary: Role
value:
id: 2c91808c6faadea6016fb4f2bc69077b
name: IT Role
description: IT role
created: '2020-01-17T19:20:15.040Z'
modified: null
synced: '2020-02-18T05:30:20.145Z'
enabled: true
requestable: false
requestCommentsRequired: false
owner:
id: 2c9180a46faadee4016fb4e018c20639
name: Cloud Support
type: IDENTITY
email: thomas.edison@acme-solar.com
accessProfiles:
- id: 2c91809c6faade77016fb4f0b63407ae
name: Admin Access
accessProfileCount: 1
segments:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: segment-xyz
description: This segment represents xyz
segmentCount: 1
entitlements:
- id: 2c91809c6faade77016fb4f0b63407ae
name: Admin Access
description: Access to everything
privileged: true
hasPermissions: true
entitlementCount: 1
tags:
- TAG_1
- TAG_2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/segments:
post:
operationId: createSegment
security:
- UserContextAuth:
- 'idn:segment:manage'
tags:
- Segments
summary: Create Segment
description: |-
This API creates a segment.
>**Note:** Segment definitions may take time to propagate to all identities.
A token with ORG_ADMIN or API authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
responses:
'201':
description: Segment created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listSegments
security:
- UserContextAuth:
- 'idn:segment:read'
- 'idn:segment:manage'
tags:
- Segments
summary: List Segments
description: |-
This API returns a list of all segments.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of all segments
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/segments/{id}':
get:
operationId: getSegment
security:
- UserContextAuth:
- 'idn:segment:read'
- 'idn:segment:manage'
tags:
- Segments
summary: Get Segment by ID
description: |-
This API returns the segment specified by the given ID.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Segment
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSegment
security:
- UserContextAuth:
- 'idn:segment:manage'
tags:
- Segments
summary: Delete Segment by ID
description: |-
This API deletes the segment specified by the given ID.
>**Note:** that segment deletion may take some time to become effective.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to delete.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchSegment
security:
- UserContextAuth:
- 'idn:segment:manage'
tags:
- Segments
summary: Update Segment
description: |-
Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
>**Note:** Changes to a segment may take some time to propagate to all identities.
A token with ORG_ADMIN or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to modify.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* owner
* visibilityCriteria
* active
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Set Visibility Criteria:
description: Set the visibility criteria
value:
- op: replace
path: /visibilityCriteria
value:
expression:
operator: AND
children:
- operator: EQUALS
attribute: location
value:
type: STRING
value: Philadelphia
- operator: EQUALS
attribute: department
value:
type: STRING
value: HR
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the segment''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/service-desk-integrations:
get:
tags:
- Service Desk Integration
summary: List existing Service Desk Integrations
description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegrations
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- name: sorters
in: query
required: false
style: form
explode: true
schema:
type: string
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
- name: filters
in: query
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq*
**type**: *eq, in*
**cluster**: *eq, in*
example: name eq "John Doe"
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of ServiceDeskIntegrationDto
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
post:
tags:
- Service Desk Integration
summary: Create new Service Desk integration
description: Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: createServiceDeskIntegration
requestBody:
description: The specifics of a new integration to create
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
required: true
responses:
'200':
description: details of the created integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
'/service-desk-integrations/{id}':
get:
tags:
- Service Desk Integration
summary: Get a Service Desk integration
description: Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of the Service Desk integration to get
required: true
style: simple
explode: false
schema:
type: string
example: anId
responses:
'200':
description: ServiceDeskIntegrationDto with the given ID
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
put:
tags:
- Service Desk Integration
summary: Update a Service Desk integration
description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: putServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of the Service Desk integration to update
required: true
style: simple
explode: false
schema:
type: string
example: anId
requestBody:
description: The specifics of the integration to update
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
required: true
responses:
'200':
description: ServiceDeskIntegrationDto as updated
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
delete:
tags:
- Service Desk Integration
summary: Delete a Service Desk integration
description: Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: deleteServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of Service Desk integration to delete
required: true
style: simple
explode: false
schema:
type: string
example: anId
responses:
'204':
description: Service Desk integration with the given ID successfully deleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
patch:
operationId: patchServiceDeskIntegration
tags:
- Service Desk Integration
summary: Service Desk Integration Update PATCH
description: Update an existing ServiceDeskIntegration by ID with a PATCH request.
parameters:
- name: id
in: path
description: ID of the Service Desk integration to update
required: true
style: simple
explode: false
schema:
type: string
example: anId
requestBody:
required: true
description: |
A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Only `replace` operations are accepted by this endpoint.
A 403 Forbidden Error indicates that you attempted to PATCH a operation that is not allowed.
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902). Only `replace` operations are accepted by this endpoint.'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example: |-
[
{
"op": "replace",
"path": "/ownerRef",
"value": {
"id": "2c9180867d05b227017d09921a205b4d",
"type": "IDENTITY",
"name": "Angelo2 tester"
}
}
]
responses:
'200':
description: ServiceDeskIntegrationDto as updated
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
/service-desk-integrations/types:
get:
tags:
- Service Desk Integration
summary: Service Desk Integration Types List.
description: This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegrationTypes
responses:
'200':
description: Responds with an array of the currently supported Service Desk integration types.
content:
application/json:
schema:
type: array
items:
description: This represents a Service Desk Integration template type.
required:
- type
- scriptName
type: object
properties:
name:
description: This is the name of the type.
example: aName
type: string
type:
description: This is the type value for the type.
example: aType
type: string
scriptName:
description: This is the scriptName attribute value for the type.
example: aScriptName
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
'/service-desk-integrations/templates/{scriptName}':
get:
tags:
- Service Desk Integration
summary: Service Desk integration template by scriptName.
description: This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getServiceDeskIntegrationTemplate
parameters:
- name: scriptName
in: path
description: The scriptName value of the Service Desk integration template to get
required: true
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.'
required:
- type
- attributes
- provisioningConfig
properties:
type:
description: The 'type' property specifies the type of the Service Desk integration template.
type: string
example: Web Service SDIM
default: Web Service SDIM
attributes:
description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.
type: object
additionalProperties: true
example:
property: value
key: value
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
/service-desk-integrations/status-check-configuration:
get:
tags:
- Service Desk Integration
summary: Get the time check configuration
description: Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: getStatusCheckDetails
responses:
'200':
description: QueuedCheckConfigDetails containing the configured values
content:
application/json:
schema:
description: Configuration of maximum number days and interval for checking Service Desk integration queue status
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: interval in minutes between status checks
type: string
example: '30'
provisioningMaxStatusCheckDays:
description: maximum number of days to check
type: string
example: '2'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:read'
- 'idn:service-desk-integration:read'
put:
tags:
- Service Desk Integration
summary: Update the time check configuration
description: Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
operationId: updateStatusCheckDetails
requestBody:
description: the modified time check configuration
content:
application/json:
schema:
description: Configuration of maximum number days and interval for checking Service Desk integration queue status
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: interval in minutes between status checks
type: string
example: '30'
provisioningMaxStatusCheckDays:
description: maximum number of days to check
type: string
example: '2'
required: true
responses:
'200':
description: QueuedCheckConfigDetails as updated
content:
application/json:
schema:
description: Configuration of maximum number days and interval for checking Service Desk integration queue status
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: interval in minutes between status checks
type: string
example: '30'
provisioningMaxStatusCheckDays:
description: maximum number of days to check
type: string
example: '2'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:service-desk-admin:manage'
- 'idn:service-desk-integration:manage'
/query-password-info:
post:
operationId: queryPasswordInfo
tags:
- Password Management
summary: Query Password Info
description: |
This API is used to query password related information.
A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow)
is required to call this API. "API authority" refers to a token that only has the "client_credentials"
grant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens)
or a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow)
grant type will **NOT** work on this endpoint, and a `403 Forbidden` response
will be returned.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
userName:
type: string
description: The login name of the user
example: Abby.Smith
sourceName:
type: string
description: The display name of the source
example: My-AD
responses:
'200':
description: Reference to the password info.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
description: Identity ID
example: 2c918085744fec4301746f9a5bce4605
sourceId:
type: string
description: source ID
example: 2c918083746f642c01746f990884012a
publicKeyId:
type: string
description: public key ID
example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh
publicKey:
type: string
description: User's public key with Base64 encoding
example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB
accounts:
type: array
description: Account info related to queried identity and source
items:
type: object
properties:
accountId:
type: string
description: 'Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
accountName:
type: string
description: 'Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008'
example: Abby.Smith
policies:
type: array
description: Password constraints
items:
type: string
example:
- passwordRepeatedChar is 3
- passwordMinAlpha is 1
- passwordMinLength is 5
- passwordMinNumeric is 1
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/set-password:
post:
operationId: setPassword
tags:
- Password Management
summary: Set Identity's Password
description: |
This API is used to set a password for an identity.
An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).
A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts.
"API authority" refers to a token that only has the "client_credentials" grant type.
>**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.**
You can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey).
To do so, follow these steps:
1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`.
2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password.
3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password:
```java
import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java util.Base64;
String encrypt(String publicKey, String toEncrypt) throws Exception {
byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);
byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes("UTF-8"));
return Base64.getEncoder().encodeToString(encryptedBytes);
}
private byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception {
PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(publicKeyBytes));
String transformation = "RSA/ECB/PKCS1Padding";
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(1, key);
return cipher.doFinal(toEncryptBytes);
}
```
In this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent.
You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
description: The identity ID that requested the password change
example: 8a807d4c73c545510173c545f0a002ff
encryptedPassword:
type: string
description: The RSA encrypted password
example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==
publicKeyId:
type: string
description: The encryption key ID
example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2
accountId:
type: string
description: 'Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
sourceId:
type: string
description: The ID of the source for which identity is requesting the password change
example: 8a807d4c73c545510173c545d4b60246
responses:
'202':
description: Reference to the password change.
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The password change request ID
example: 089899f13a8f4da7824996191587bab9
state:
type: string
enum:
- IN_PROGRESS
- FINISHED
- FAILED
description: Password change state
example: IN_PROGRESS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-change-status/{id}':
get:
operationId: getPasswordChangeStatus
tags:
- Password Management
summary: Get Password Change Request Status
description: This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
example: 089899f13a8f4da7824996191587bab9
description: Password change request ID
responses:
'200':
description: Status of the password change request
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The password change request ID
example: 089899f13a8f4da7824996191587bab9
state:
type: string
enum:
- IN_PROGRESS
- FINISHED
- FAILED
description: Password change state
example: IN_PROGRESS
errors:
type: array
items:
type: string
description: The errors during the password change request
example:
- The password change payload is invalid
sourceIds:
type: array
items:
type: string
description: List of source IDs in the password change request
example:
- 2c918083746f642c01746f990884012a
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-dictionary:
get:
operationId: getPasswordDictionary
tags:
- Password Dictionary
summary: Get Password Dictionary
description: |-
This gets password dictionary for the organization.
A token with ORG_ADMIN authority is required to call this API.
The password dictionary file can contain lines that are:
1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing
2. empty lines
3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines
4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;
maximum length of the line is 128 Unicode codepoints
Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).
Password dict file must contain UTF-8 characters only.
# Sample password text file
```
# Password dictionary small test file
locale=en_US
# Password dictionary prohibited words
qwerty
abcd
aaaaa
password
qazxsws
```
security:
- UserContextAuth:
- 'idn:password-dictionary-management:read'
responses:
'200':
description: A password dictionary response
content:
text/plain:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putPasswordDictionary
tags:
- Password Dictionary
summary: Update Password Dictionary
description: |-
This updates password dictionary for the organization.
A token with ORG_ADMIN authority is required to call this API.
The password dictionary file can contain lines that are:
1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing
2. empty lines
3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines
4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;
maximum length of the line is 128 Unicode codepoints
Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).
Password dict file must contain UTF-8 characters only.
# Sample password text file
```
# Password dictionary small test file
locale=en_US
# Password dictionary prohibited words
qwerty
abcd
aaaaa
password
qazxsws
```
security:
- UserContextAuth:
- 'idn:password-dictionary:manage'
requestBody:
required: true
description: The password dictionary file to be uploaded.
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully updated.
'201':
description: Created.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-org-config:
get:
operationId: getPasswordOrgConfig
tags:
- Password Configuration
summary: Get Password Org Config
description: 'This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:read'''
security:
- UserContextAuth:
- 'idn:password-org-config:read'
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 9
digitTokenEnabled: false
digitTokenLength: 6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putPasswordOrgConfig
tags:
- Password Configuration
summary: Update Password Org Config
description: |-
This API updates the password org config for specified fields. Other fields will keep original value.
You must set the `customInstructionsEnabled` field to "true" to be able to use custom password instructions.
Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'
security:
- UserContextAuth:
- 'idn:password-org-config:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
digitTokenEnabled: true
digitTokenDurationMinutes: 12
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 12
digitTokenEnabled: true
digitTokenLength: 6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPasswordOrgConfig
tags:
- Password Configuration
summary: Create Password Org Config
description: |-
This API creates the password org config. Unspecified fields will use default value.
To be able to use the custom password instructions, you must set the `customInstructionsEnabled` field to "true".
Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'
security:
- UserContextAuth:
- 'idn:password-org-config:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenEnabled: true
digitTokenDurationMinutes: 12
digitTokenLength: 9
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 9
digitTokenEnabled: true
digitTokenLength: 12
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reports/{taskResultId}/result':
get:
tags:
- Reports Data Extraction
description: Get the report results for a report that was run or is running. Returns empty report result in case there are no active task definitions with used in payload task definition name.
operationId: getReportResult
summary: Get Report Result
security:
- UserContextAuth:
- 'sp:report-result:read'
parameters:
- in: path
name: taskResultId
schema:
type: string
required: true
description: Unique identifier of the task result which handled report
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: completed
schema:
type: boolean
default: false
required: false
description: state of task result to apply ordering when results are fetching from the DB
example: true
responses:
'200':
description: Details about report that was run or is running.
content:
application/json:
schema:
type: object
description: Details about report result or current state.
properties:
reportType:
type: string
enum:
- ACCOUNTS
- IDENTITIES_DETAILS
- IDENTITIES
- IDENTITY_PROFILE_IDENTITY_ERROR
- ORPHAN_IDENTITIES
- SEARCH_EXPORT
- UNCORRELATED_ACCOUNTS
description: Use this property to define what report should be processed in the RDE service.
example: IDENTITIES_DETAILS
taskDefName:
type: string
description: Name of the task definition which is started to process requesting report. Usually the same as report name
example: Identities Details Report
id:
type: string
description: Unique task definition identifier.
example: a248c16fe22222b2bd49615481311111
created:
type: string
description: Report processing start date
format: date-time
example: '2020-09-07T42:14:00.364Z'
status:
type: string
enum:
- SUCCESS
- FAILURE
- WARNING
- TERMINATED
description: Report current state or result status.
example: SUCCESS
duration:
type: integer
format: int64
description: Report processing time in ms.
example: 342
rows:
type: integer
format: int64
description: Report size in rows.
example: 37
availableFormats:
type: array
items:
type: string
enum:
- CSV
- PDF
description: 'Output report file formats. This are formats for calling get endpoint as a query parameter ''fileFormat''. In case report won''t have this argument there will be [''CSV'', ''PDF''] as default.'
example:
- CSV
examples:
identityDetailsReport:
summary: Identities Details Report result.
value:
reportType: IDENTITIES_DETAILS
taskDefName: Identities Details Report
id: 1e01d272b8084c4fa12fcf8fa898102d
created: '2023-09-07T42:14:05.122Z'
status: SUCCESS
duration: 3681
rows: 193
availableFormats:
- CSV
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/reports/run:
post:
tags:
- Reports Data Extraction
description: 'Runs a report according to input report details. If non-concurrent task is already running then it returns, otherwise new task creates and returns.'
operationId: startReport
summary: Run Report
security:
- UserContextAuth:
- 'sp:report:create'
requestBody:
content:
application/json:
schema:
type: object
description: Details about report to be processed.
properties:
reportType:
type: string
enum:
- ACCOUNTS
- IDENTITIES_DETAILS
- IDENTITIES
- IDENTITY_PROFILE_IDENTITY_ERROR
- ORPHAN_IDENTITIES
- SEARCH_EXPORT
- UNCORRELATED_ACCOUNTS
description: Use this property to define what report should be processed in the RDE service.
example: IDENTITIES_DETAILS
arguments:
oneOf:
- title: ACCOUNTS
type: object
description: Arguments for Account Export (ACCOUNTS)
required:
- application
- sourceName
- defaultS3Bucket
properties:
application:
type: string
description: Id of the authoritative source to export related accounts e.g. identities
example: 2c9180897eSourceIde781782f705b9
sourceName:
type: string
description: Name of the authoritative source for accounts export
example: DataScienceSourceName
defaultS3Bucket:
type: boolean
description: Use it to set default s3 bucket where generated report will be saved. In case this argument is false and 's3Bucket' argument is null or absent there will be default s3Bucket assigned to the report.
example: true
s3Bucket:
type: string
description: If you want to be specific you could use this argument with defaultS3Bucket = false.
example: the-dev-bucket
- title: IDENTITIES_DETAILS
type: object
description: Arguments for Identities details report (IDENTITIES_DETAILS)
required:
- defaultS3Bucket
- correlatedOnly
properties:
correlatedOnly:
type: boolean
description: Boolean FLAG to specify if only correlated identities should be used in report processing
default: false
example: true
defaultS3Bucket:
type: boolean
description: Use it to set default s3 bucket where generated report will be saved. In case this argument is false and 's3Bucket' argument is null or absent there will be default s3Bucket assigned to the report.
example: true
s3Bucket:
type: string
description: If you want to be specific you could use this argument with defaultS3Bucket = false.
example: the-dev-bucket
- title: IDENTITIES
type: object
description: Arguments for Identities report (IDENTITIES)
required:
- defaultS3Bucket
properties:
correlatedOnly:
type: boolean
description: Boolean FLAG to specify if only correlated identities should be used in report processing
default: false
example: true
defaultS3Bucket:
type: boolean
description: Use it to set default s3 bucket where generated report will be saved. In case this argument is false and 's3Bucket' argument is null or absent there will be default s3Bucket assigned to the report.
example: true
s3Bucket:
type: string
description: If you want to be specific you could use this argument with defaultS3Bucket = false.
example: the-dev-bucket
- title: IDENTITY_PROFILE_IDENTITY_ERROR
type: object
description: Arguments for Identity Profile Identity Error report (IDENTITY_PROFILE_IDENTITY_ERROR)
required:
- authoritativeSource
- defaultS3Bucket
properties:
authoritativeSource:
type: string
description: Source Id to be checked on errors of identity profiles aggregation
example: 1234sourceId5678902
defaultS3Bucket:
type: boolean
description: Use it to set default s3 bucket where generated report will be saved. In case this argument is false and 's3Bucket' argument is null or absent there will be default s3Bucket assigned to the report.
example: true
s3Bucket:
type: string
description: If you want to be specific you could use this argument with defaultS3Bucket = false.
example: the-dev-bucket
- title: ORPHAN_IDENTITIES & UNCORRELATED_ACCOUNTS
type: object
description: Arguments for Orphan Identities report (ORPHAN_IDENTITIES) and Uncorrelated Accounts report (UNCORRELATED_ACCOUNTS)
required:
- defaultS3Bucket
properties:
selectedFormats:
type: array
items:
type: string
enum:
- CSV
- PDF
description: 'Output report file formats. This are formats for calling get endpoint as a query parameter ''fileFormat''. In case report won''t have this argument there will be [''CSV'', ''PDF''] as default.'
example:
- CSV
defaultS3Bucket:
type: boolean
description: Use it to set default s3 bucket where generated report will be saved. In case this argument is false and 's3Bucket' argument is null or absent there will be default s3Bucket assigned to the report.
example: true
s3Bucket:
type: string
description: If you want to be specific you could use this argument with defaultS3Bucket = false.
example: the-dev-bucket
- title: SEARCH_EXPORT
type: object
description: Arguments for Search Export report (SEARCH_EXPORT)
required:
- query
- defaultS3Bucket
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- entitlements
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example:
source.id:
type: TERMS
terms:
- 2c9180897termsId780bd2920576
source.name.exact:
type: TERMS
terms:
- IdentityNow
exclude: true
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: array
items:
type: string
example:
- name
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
defaultS3Bucket:
type: boolean
description: Use it to set default s3 bucket where generated report will be saved. In case this argument is false and 's3Bucket' argument is null or absent there will be default s3Bucket assigned to the report.
example: true
s3Bucket:
type: string
description: If you want to be specific you could use this argument with defaultS3Bucket = false.
example: the-dev-bucket
example:
application: 2c9180897e7742b2017e781782f705b9
sourceName: DataScienceWorkday
defaultS3Bucket: true
description: The string-object map(dictionary) with the arguments needed for report processing.
examples:
Identities Details Report:
summary: Identities Details report
value:
reportType: IDENTITIES_DETAILS
arguments:
defaultS3Bucket: true
correlatedOnly: true
required: true
responses:
'200':
description: Details about running report task.
content:
application/json:
schema:
type: object
description: 'Details about job or task type, state and lifecycle.'
properties:
type:
type: string
enum:
- QUARTZ
- QPOC
- MENTOS
- QUEUED_TASK
description: 'Type of the job or task underlying in the report processing. It could be a quartz task, QPOC or MENTOS jobs or a refresh/sync task.'
example: MENTOS
id:
type: string
description: Unique task definition identifier.
example: a248c16fe22222b2bd49615481311111
reportType:
enum:
- ACCOUNTS
- IDENTITIES_DETAILS
- IDENTITIES
- IDENTITY_PROFILE_IDENTITY_ERROR
- ORPHAN_IDENTITIES
- SEARCH_EXPORT
- UNCORRELATED_ACCOUNTS
description: Use this property to define what report should be processed in the RDE service.
example: IDENTITIES_DETAILS
description:
type: string
description: Description of the report purpose and/or contents.
example: A detailed view of the identities in the system.
parentName:
type: string
nullable: true
description: Name of the parent task/report if exists.
example: Audit Report
launcher:
type: string
description: Name of the report processing initiator.
example: cloudadmin
created:
type: string
description: Report creation date
format: date-time
example: '2020-09-07T42:14:00.364Z'
launched:
type: string
nullable: true
format: date-time
description: Report start date
example: '2020-09-07T42:14:00.521Z'
completed:
type: string
nullable: true
format: date-time
description: Report completion date
example: '2020-09-07T42:14:01.137Z'
completionStatus:
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
description: Report completion status.
example: Success
messages:
type: array
description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors.
example: []
items:
type: object
properties:
type:
type: string
description: Type of the message.
enum:
- INFO
- WARN
- ERROR
example: WARN
error:
type: boolean
default: false
description: Flag whether message is an error.
example: false
warning:
type: boolean
default: false
description: Flag whether message is a warning.
example: true
key:
type: string
description: Message string identifier.
example: 'The following account(s) failed to correlate: A,B,C'
localizedText:
type: string
description: Message context with the locale based language.
example: 'The following account(s) failed to correlate: A,B,C'
returns:
type: array
description: 'Task definition results, if necessary.'
example: []
items:
type: object
properties:
displayLabel:
type: string
description: Attribute description.
example: ' '
attributeName:
type: string
description: System or database attribute name.
example: ' '
attributes:
type: object
description: Extra attributes map(dictionary) needed for the report.
additionalProperties:
type: object
example:
org: an-org
progress:
type: string
nullable: true
description: Current report state.
example: Initializing...
examples:
identityDetailsReport:
summary: Identities Details Report task result.
value:
reportType: IDENTITIES_DETAILS
taskDefName: Identities Details Report
type: QUARTZ
id: a248c16fe22222b2bd49615481311111
created: '2023-09-07T42:14:00.364Z'
description: A detailed view of the identities in the system.
parentName: Audit Report
launcher: '9832285'
launched: '2023-09-07T42:14:00.521Z'
completed: '2023-09-07T42:14:01.137Z'
messages: []
returns: []
attributes:
org: an-org
progress: Initializing...
searchExportReport:
summary: Identities Details Report task result.
value:
reportType: SEARCH_EXPORT
taskDefName: Search Export
type: QUARTZ
id: a248c16fe22222b2bd49615481311111
created: '2023-09-07T42:14:11.137Z'
description: Extract query data from ElasticSearch to CSV
parentName: null
launcher: T05293
launched: '2020-09-07T42:14:11.137Z'
completed: '2020-09-07T42:14:13.451Z'
messages: []
returns: []
attributes:
queryHash: 5e12cf79c67d92e23d4d8cb3e974f87d164e86d4a48d32ecf89645cacfd3f2
org: an-org
queryParams:
columns: 'displayName,firstName,lastName,email,created,attributes.cloudLifecycleState,tags,access.spread,apps.pread,accounts.spread'
indices: identities
ownerId: 95ecba5c5444439c999aec638ce2a777
query: 700007
sort: displayName
progress: Initializing...
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reports/{id}/cancel':
post:
tags:
- Reports Data Extraction
description: Cancels a running report.
operationId: cancelReport
summary: Cancel Report
security:
- UserContextAuth:
- 'sp:report:delete'
parameters:
- name: id
in: path
description: ID of the running Report to cancel
required: true
style: simple
explode: false
schema:
type: string
example: a1ed223247144cc29d23c632624b4767
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reports/{taskResultId}':
get:
tags:
- Reports Data Extraction
description: Gets a report in file format.
operationId: getReport
summary: Get Report File
security:
- UserContextAuth:
- 'sp:report:read'
parameters:
- in: path
name: taskResultId
schema:
type: string
required: true
description: Unique identifier of the task result which handled report
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: fileFormat
schema:
type: string
enum:
- csv
- pdf
required: true
description: Output format of the requested report file
example: csv
- in: query
name: name
required: false
schema:
type: string
example: Identities Details Report
description: 'preferred Report file name, by default will be used report name from task result.'
- in: query
name: auditable
required: false
schema:
type: boolean
default: false
example: true
description: Enables auditing for current report download. Will create an audit event and sent it to the REPORT cloud-audit kafka topic. Event will be created if there is any result present by requested taskResultId.
responses:
'200':
description: Report file in selected format. CSV by default.
content:
application/csv:
schema:
type: string
format: binary
application/pdf:
schema:
type: string
format: binary
headers:
Content-disposition:
description: The requested report's filename
schema:
type: string
example: attachment;filename=\"fileName"
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text:
File Not Found - 404 Error
The requested file was not found.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-policies:
post:
security:
- UserContextAuth:
- 'idn:sod-policy:write'
operationId: createSodPolicy
tags:
- SOD Policies
summary: Create SOD policy
description: |-
This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy.
Requires role of ORG_ADMIN.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- nullable: true
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
name: Conflicting-Policy-Name
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
name: General-Policy-Name
responses:
'201':
description: SOD policy created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- nullable: true
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
security:
- UserContextAuth:
- 'idn:sod-policy:read'
operationId: listSodPolicies
tags:
- SOD Policies
summary: List SOD policies
description: |-
This gets list of all SOD policies.
Requires role of ORG_ADMIN
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
**name**: *eq*
**state**: *eq*
example: id eq "bc693f07e7b645539626c25954c58554"
required: false
responses:
'200':
description: List of all SOD policies.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- nullable: true
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
example:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
- description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}':
get:
security:
- UserContextAuth:
- 'idn:sod-policy:read'
operationId: getSodPolicy
tags:
- SOD Policies
summary: Get SOD policy by ID
description: |-
This gets specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD Policy to retrieve.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: SOD policy ID.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- nullable: true
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
security:
- UserContextAuth:
- 'idn:sod-policy:write'
operationId: putSodPolicy
tags:
- SOD Policies
summary: Update SOD policy by ID
description: |-
This updates a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy to update.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- nullable: true
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
name: Conflicting-Policy-Name
description: Modified Description
externalPolicyReference: XYZ policy
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Modified Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
responses:
'200':
description: SOD Policy by ID
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- nullable: true
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: Modified description
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Modified Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
security:
- UserContextAuth:
- 'idn:sod-policy:write'
operationId: deleteSodPolicy
tags:
- SOD Policies
summary: Delete SOD policy by ID
description: |-
This deletes a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD Policy to delete.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- in: query
name: logical
schema:
type: boolean
default: true
description: Indicates whether this is a soft delete (logical true) or a hard delete. Soft delete marks the policy as deleted and just save it with this status. It could be fully deleted or recovered further. Hard delete vise versa permanently delete SOD request during this call.
example: true
required: false
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
security:
- UserContextAuth:
- 'idn:sod-policy:write'
operationId: patchSodPolicy
tags:
- SOD Policies
summary: Patch SOD policy by ID
description: |-
Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Requires role of ORG_ADMIN.
This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy being modified.
example: 2c918083-5d19-1a86-015d-28455b4a2329
requestBody:
required: true
description: |
A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* ownerRef
* externalPolicyReference
* compensatingControls
* correctionAdvice
* state
* tags
* violationOwnerAssignmentConfig
* scheduled
* conflictingAccessCriteria
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Conflicting Access Based Policy:
value:
- op: replace
path: /description
value: Modified description
- op: replace
path: /conflictingAccessCriteria/leftCriteria/name
value: money-in-modified
- op: replace
path: /conflictingAccessCriteria/rightCriteria
value:
name: money-out-modified
criteriaList:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
General Policy:
value:
- op: replace
path: /description
value: Modified description
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the SOD policy''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- nullable: true
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: Modified description
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in-modified
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out-modified
criteriaList:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
General Policy:
value:
description: Modified description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/evaluate':
post:
security:
- UserContextAuth:
- 'idn:sod-violation:write'
operationId: startEvaluateSodPolicy
tags:
- SOD Policies
summary: Evaluate one policy by ID
description: Runs the scheduled report for the policy retrieved by passed policy ID. The report schedule is fetched from the policy retrieved by ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The SOD policy ID to run.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/schedule':
get:
security:
- UserContextAuth:
- 'idn:sod-policy:read'
operationId: getSodPolicySchedule
tags:
- SOD Policies
summary: Get SOD policy schedule
description: This endpoint gets a specified SOD policy's schedule.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy schedule to retrieve.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: SOD policy schedule.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
default: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
security:
- UserContextAuth:
- 'idn:sod-policy:write'
operationId: putPolicySchedule
tags:
- SOD Policies
summary: Update SOD Policy schedule
description: This updates schedule for a specified SOD policy.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy to update its schedule.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
default: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
responses:
'200':
description: Created or updated SOD policy schedule.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
default: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
security:
- UserContextAuth:
- 'idn:sod-policy:write'
operationId: deleteSodPolicySchedule
tags:
- SOD Policies
summary: Delete SOD policy schedule
description: This deletes schedule for a specified SOD policy by ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy the schedule must be deleted for.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'204':
description: No content response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/violation-report/run':
post:
security:
- UserContextAuth:
- 'idn:sod-violation:write'
operationId: startSodPolicy
tags:
- SOD Policies
summary: Runs SOD policy violation report
description: 'This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The SOD policy ID to run.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/violation-report':
get:
security:
- UserContextAuth:
- 'idn:sod-violation:read'
operationId: getSodViolationReportStatus
tags:
- SOD Policies
summary: Get SOD violation report status
description: This gets the status for a violation report run task that has already been invoked.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the violation report to retrieve status for.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: Status of the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/sod-violation-report-status/{reportResultId}':
get:
security:
- UserContextAuth:
- 'idn:sod-violation:read'
operationId: getSodViolationReportRunStatus
tags:
- SOD Policies
summary: Get violation report run status
description: This gets the status for a violation report run task that has already been invoked.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
description: The ID of the report reference to retrieve.
example: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
responses:
'200':
description: Status of the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violations/predict:
post:
security:
- UserContextAuth:
- 'idn:sod-violation:read'
operationId: startPredictSodViolations
tags:
- SOD Violations
summary: Predict SOD violations for identity.
description: |-
This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.
A token with ORG_ADMIN or API authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
description: An identity with a set of access to be added
required:
- identityId
- accessRefs
type: object
properties:
identityId:
description: Identity id to be checked.
type: string
example: 2c91808568c529c60168cca6f90c1313
accessRefs:
description: The list of entitlements to consider for possible violations in a preventive check.
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
example:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
example:
identityId: 2c91808568c529c60168cca6f90c1313
accessRefs:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
responses:
'200':
description: Violation Contexts
content:
application/json:
schema:
description: An object containing a listing of the SOD violation reasons detected by this check.
required:
- requestId
type: object
properties:
violationContexts:
type: array
description: List of Violation Contexts
items:
type: object
properties:
policy:
allOf:
- type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
- type: object
properties:
type:
type: string
example: SOD_POLICY
name:
type: string
example: A very cool policy name
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
conflictingAccessCriteria:
nullable: false
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
type: object
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
description: List of exception criteria. There is a min of 1 and max of 50 items in the list.
items:
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local'
existing:
type: boolean
description: Whether the subject identity already had that access or not
default: false
example: true
description: Access reference with addition of boolean existing flag to indicate whether the access was extant
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
existing: true
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
existing: false
rightCriteria:
type: object
properties:
criteriaList:
type: array
description: List of exception criteria. There is a min of 1 and max of 50 items in the list.
items:
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local'
existing:
type: boolean
description: Whether the subject identity already had that access or not
default: false
example: true
description: Access reference with addition of boolean existing flag to indicate whether the access was extant
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
existing: true
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
existing: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violations/check:
post:
security:
- UserContextAuth:
- 'idn:sod-violation:read'
operationId: startViolationCheck
tags:
- SOD Violations
summary: Check SOD violations
description: |-
This API initiates a SOD policy verification asynchronously.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
description: An identity with a set of access to be added
required:
- identityId
- accessRefs
type: object
properties:
identityId:
description: Set of identity IDs to be checked.
type: string
example: 2c91809050db617d0150e0bf3215385e
accessRefs:
description: The bundle of access profiles to be added to the identities specified. All references must be ENTITLEMENT type.
type: array
items:
allOf:
- type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
clientMetadata:
type: object
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
clientName: client1
clientId: 2c91808f7892918f0178b78da4a305a1
example:
identityId: 2c91808568c529c60168cca6f90c1313
accessRefs:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
clientMetadata:
additionalProp1: string
additionalProp2: string
additionalProp3: string
responses:
'202':
description: Request ID with a timestamp.
content:
application/json:
schema:
description: An object referencing an SOD violation check
required:
- requestId
type: object
properties:
requestId:
description: The id of the original request
example: 089899f13a8f4da7824996191587bab9
type: string
created:
type: string
format: date-time
readOnly: true
description: The date-time when this request was created.
example: '2020-01-01T00:00:00.000000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violation-report/run:
post:
security:
- UserContextAuth:
- 'idn:sod-violation:write'
operationId: startSodAllPoliciesForOrg
tags:
- SOD Policy
summary: Runs all policies for org
description: 'Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided.'
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
filteredPolicyList:
type: array
description: Multi-policy report will be run for this list of ids
items:
type: string
example:
- b868cd40-ffa4-4337-9c07-1a51846cfa94
- 63a07a7b-39a4-48aa-956d-50c827deba2a
example:
filteredPolicyList:
- b868cd40-ffa4-4337-9c07-1a51846cfa94
- 63a07a7b-39a4-48aa-956d-50c827deba2a
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violation-report:
get:
security:
- UserContextAuth:
- 'idn:sod-violation:read'
operationId: getSodAllReportRunStatus
tags:
- SOD Policy
summary: Get multi-report run task status
description: This endpoint gets the status for a violation report for all policy run.
responses:
'200':
description: Status of the violation report run task for all policy run.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-violation-report/{reportResultId}/download':
get:
security:
- UserContextAuth:
- 'idn:sod-violation:read'
operationId: getDefaultViolationReport
tags:
- SOD Policy
summary: Download violation report
description: This allows to download a violation report for a given report reference.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
description: The ID of the report reference to download.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Returns the PolicyReport.zip that contains the violation report file.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-violation-report/{reportResultId}/download/{fileName}':
get:
security:
- UserContextAuth:
- 'idn:sod-violation:read'
operationId: getCustomViolationReport
tags:
- SOD Policy
summary: Download custom violation report
description: This allows to download a specified named violation report for a given report reference.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
description: The ID of the report reference to download.
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: fileName
schema:
type: string
required: true
description: Custom Name for the file.
example: custom-name
responses:
'200':
description: Returns the zip file with given custom name that contains the violation report file.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sources:
get:
operationId: listSources
security:
- UserContextAuth:
- 'idn:sources:read'
tags:
- Sources
summary: Lists all sources in IdentityNow.
description: |-
This end-point lists all the sources in IdentityNow.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: name eq "Employees"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**name**: *co, eq, in, sw, ge, gt, ne, isnull*
**type**: *eq, in, ge, gt, ne, isnull, sw*
**owner.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**features**: *ca, co*
**created**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**modified**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**managementWorkgroup.id**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**description**: *eq, sw*
**authoritative**: *eq, ne, isnull*
**healthy**: *isnull*
**status**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**connectionType**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**connectorName**: *eq, ge, gt, in, ne, isnull, sw*
**category**: *co, eq, ge, gt, in, le, lt, ne, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
example: name
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status, id, description, owner.id, accountCorrelationConfig.id, accountCorrelationConfig.name, managerCorrelationRule.type, managerCorrelationRule.id, managerCorrelationRule.name, authoritative, managementWorkgroup.id, connectorName, connectionType**
- in: query
name: for-subadmin
schema:
type: string
example: name
description: |-
Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.
Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.
responses:
'200':
description: List of Source objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSource
security:
- UserContextAuth:
- 'idn:sources:manage'
tags:
- Sources
summary: Creates a source in IdentityNow.
description: |-
This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: provisionAsCsv
description: 'If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don''t set this query parameter and you attempt to set the `type` attribute directly, the request won''t correctly generate the source. '
schema:
type: boolean
required: false
example: false
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
responses:
'201':
description: 'Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}':
get:
operationId: getSource
security:
- UserContextAuth:
- 'idn:sources:read'
tags:
- Sources
summary: Get Source by ID
description: |-
This end-point gets a specific source in IdentityNow.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: A Source object
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSource
security:
- UserContextAuth:
- 'idn:sources:manage'
tags:
- Sources
summary: Update Source (Full)
description: |
This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source
configuration is completely replaced.
Some fields are immutable and cannot be changed, such as:
* id
* type
* authoritative
* connector
* connectorClass
* passwordPolicies
Attempts to modify these fields will result in a 400 error.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
responses:
'200':
description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateSource
security:
- UserContextAuth:
- 'idn:sources:manage'
tags:
- Sources
summary: Update Source (Partial)
description: |
This API partially updates a source in IdentityNow, using a list of patch operations according to the
[JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Some fields are immutable and cannot be changed, such as:
* id
* type
* authoritative
* created
* modified
* connector
* connectorClass
* passwordPolicies
Attempts to modify these fields will result in a 400 error.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in IdentityNow.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Edit the source description:
description: This example shows how to edit a source description.
value:
- op: replace
path: /description
value: new description
Edit the source cluster:
description: This example shows how to edit a source cluster by id.
value:
- op: replace
path: /cluster/id
value: 2c918087813a902001813f3f85736b45
Edit source features:
description: This example illustrates how you can update source supported features.
value:
- op: replace
path: /features
value:
- PASSWORD
- PROVISIONING
- ENABLE
- AUTHENTICATE
Change a source description and cluster in One Call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /description
value: new description
- op: replace
path: /cluster/id
value: 2c918087813a902001813f3f85736b45
Add a filter string to the connector:
description: 'This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example below, any account that does not have an "m" or "d" in the id will be aggregated.'
value:
- op: add
path: /connectorAttributes/filterString
value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )'
Update connector attribute for specific operation type:
description: This example shows how you can update the 3rd object in the connection parameters operationType. This will change it from a standard group aggregation to a group aggregation on the "test" entitlement type.
value:
- op: replace
path: /connectorAttributes/connectionParameters/2/operationType
value: Group Aggregation-test
responses:
'200':
description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSource
security:
- UserContextAuth:
- 'idn:sources:manage'
tags:
- Sources
summary: Delete Source by ID
description: |-
This end-point deletes a specific source in IdentityNow.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
All of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}`
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: ID of the task result
example: 2c91808779ecf55b0179f720942f181a
name:
type: string
description: Human-readable display name of the task result (should be null/empty)
example: null
examples:
deleteSource:
summary: Response returned when deleting a source
value:
type: TASK_RESULT
id: 2c91808779ecf55b0179f720942f181a
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies':
get:
operationId: listProvisioningPolicies
tags:
- Sources
summary: Lists ProvisioningPolicies
description: |-
This end-point lists all the ProvisioningPolicies in IdentityNow.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: List of ProvisioningPolicyDto objects
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createProvisioningPolicy
tags:
- Sources
summary: Create Provisioning Policy
description: |-
This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
A token with ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
examples:
Create Account Provisioning Policy:
value:
name: Account
description: Account Provisioning Policy
usageType: CREATE
fields:
- name: displayName
transform:
type: identityAttribute
attributes:
name: displayName
attributes: {}
isRequired: false
type: string
isMultiValued: false
- name: distinguishedName
transform:
type: usernameGenerator
attributes:
sourceCheck: true
patterns:
- 'CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
fn:
type: identityAttribute
attributes:
name: firstname
ln:
type: identityAttribute
attributes:
name: lastname
fi:
type: substring
attributes:
input:
type: identityAttribute
attributes:
name: firstname
begin: 0
end: 1
fti:
type: substring
attributes:
input:
type: identityAttribute
attributes:
name: firstname
begin: 0
end: 2
attributes:
cloudMaxUniqueChecks: '5'
cloudMaxSize: '100'
cloudRequired: 'true'
isRequired: false
type: ''
isMultiValued: false
- name: description
transform:
type: static
attributes:
value: ''
attributes: {}
isRequired: false
type: string
isMultiValued: false
responses:
'201':
description: Created ProvisioningPolicyDto object
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies/{usageType}':
get:
operationId: getProvisioningPolicy
tags:
- Sources
summary: Get Provisioning Policy by UsageType
description: |-
This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy-source:read'
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
responses:
'200':
description: The requested ProvisioningPolicyDto was successfully retrieved.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putProvisioningPolicy
tags:
- Sources
summary: Update Provisioning Policy by UsageType
description: |-
This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
responses:
'200':
description: The ProvisioningPolicyDto was successfully replaced.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateProvisioningPolicy
tags:
- Sources
summary: Partial update of Provisioning Policy
description: |-
This API selectively updates an existing Provisioning Policy using a JSONPatch payload.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:update'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-field:
summary: Add a field to the beginning of the list
value:
- op: add
path: /fields/0
value:
name: email
transform:
type: identityAttribute
attributes:
name: email
attributes: {}
isRequired: false
type: string
isMultiValued: false
responses:
'200':
description: The ProvisioningPolicyDto was successfully updated.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteProvisioningPolicy
tags:
- Sources
summary: Delete Provisioning Policy by UsageType
description: |-
Deletes the provisioning policy with the specified usage on an application.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
responses:
'204':
description: The ProvisioningPolicyDto was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies/bulk-update':
post:
operationId: updateProvisioningPoliciesInBulk
tags:
- Sources
summary: Bulk Update Provisioning Policies
description: |-
This end-point updates a list of provisioning policies on the specified source in IdentityNow.
A token with API, or ORG_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:provisioning-policy:manage'
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
responses:
'200':
description: A list of the ProvisioningPolicyDto was successfully replaced.
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/schemas':
get:
operationId: listSourceSchemas
tags:
- Sources
summary: List Schemas on a Source
description: |
Lists the Schemas that exist on the specified Source in IdentityNow.
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: include-types
required: false
schema:
type: string
description: 'If set to ''group'', then the account schema is filtered and only group schemas are returned. Only a value of ''group'' is recognized.'
example: group
responses:
'200':
description: The Schemas were successfully retrieved.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSourceSchema
tags:
- Sources
summary: Create Schema on a Source
description: |
Creates a new Schema on the specified Source in IdentityNow.
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
responses:
'201':
description: The Schema was successfully created on the specified Source.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/schemas/{schemaId}':
get:
operationId: getSourceSchema
tags:
- Sources
summary: Get Source Schema by ID
description: |
Get the Source Schema by ID in IdentityNow.
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The requested Schema was successfully retrieved.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSourceSchema
tags:
- Sources
summary: Update Source Schema (Full)
description: |
This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below.
* id
* name
* created
* modified
Any attempt to modify these fields will result in an error response with a status code of 400.
> `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error.
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
responses:
'200':
description: The Schema was successfully replaced.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateSourceSchema
tags:
- Sources
summary: Update Source Schema (Partial)
description: |
Use this API to selectively update an existing Schema using a JSONPatch payload.
The following schema fields are immutable and cannot be updated:
- id
- name
- created
- modified
To switch an account attribute to a group entitlement, you need to have the following in place:
- `isEntitlement: true`
- Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group:
```json
{
"name": "groups",
"type": "STRING",
"schema": {
"type": "CONNECTOR_SCHEMA",
"id": "2c9180887671ff8c01767b4671fc7d60",
"name": "group"
},
"description": "The groups, roles etc. that reference account group objects",
"isMulti": true,
"isEntitlement": true,
"isGroup": true
}
```
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-attribute:
summary: Add an attribute to the end of the list
value:
- op: add
path: /attributes/-
value:
name: location
type: STRING
schema: null
description: Employee location
isMulti: false
isEntitlement: false
isGroup: false
responses:
'200':
description: The Schema was successfully updated.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSourceSchema
tags:
- Sources
summary: Delete Source Schema by ID
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: The Schema was successfully deleted.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/source-health':
get:
operationId: getSourceHealth
security:
- UserContextAuth:
- 'idn:sources:read'
tags:
- Sources
summary: Fetches source health by id
description: This endpoint fetches source health by source's id
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Fetched source health successfully
content:
application/json:
schema:
type: object
description: Dto for source health data
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
name:
type: string
description: the name of the source
example: Source1234
org:
type: string
description: source's org
example: denali-cjh
isAuthoritative:
type: boolean
example: false
description: Is the source authoritative
isCluster:
type: boolean
example: false
description: Is the source in a cluster
hostname:
type: string
example: megapod-useast1-secret-hostname.sailpoint.com
description: source's hostname
pod:
type: string
description: source's pod
example: megapod-useast1
iqServiceVersion:
type: string
description: The version of the iqService
example: iqVersion123
status:
type: string
enum:
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: connection test result
example: SOURCE_STATE_UNCHECKED_SOURCE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/schemas/accounts':
get:
tags:
- Sources
summary: Downloads source accounts schema template
description: |-
This API downloads the CSV schema that defines the account attributes on a source.
>**NOTE: This API is designated only for Delimited File sources.**
operationId: getAccountsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'200':
description: Successfully downloaded the file
content:
text/csv:
example: 'id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:read'
post:
tags:
- Sources
summary: Uploads source accounts schema template
description: |-
This API uploads a source schema template file to configure a source's account attributes.
To retrieve the file to modify and upload, log into Identity Now.
Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema**
>**NOTE: This API is designated only for Delimited File sources.**
operationId: importAccountsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully uploaded the file
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:manage'
'/sources/{id}/schemas/entitlements':
get:
tags:
- Sources
summary: Downloads source entitlements schema template
description: |-
This API downloads the CSV schema that defines the entitlement attributes on a source.
>**NOTE: This API is designated only for Delimited File sources.**
operationId: getEntitlementsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: schemaName
schema:
type: string
description: Name of entitlement schema
example: '?schemaName=group'
responses:
'200':
description: Successfully downloaded the file
content:
text/csv:
example: 'id,name,displayName,created,description,modified,entitlements,groups,permissions'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:read'
post:
tags:
- Sources
summary: Uploads source entitlements schema template
description: |-
This API uploads a source schema template file to configure a source's entitlement attributes.
To retrieve the file to modify and upload, log into Identity Now.
Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Import Entitlements** -> **Download**
>**NOTE: This API is designated only for Delimited File sources.**
operationId: importEntitlementsSchema
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: schemaName
schema:
type: string
description: Name of entitlement schema
example: '?schemaName=group'
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully uploaded the file
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:source-schema:manage'
'/sources/{sourceId}/upload-connector-file':
post:
operationId: importConnectorFile
security:
- UserContextAuth:
- 'idn:sources-admin:manage'
tags:
- Sources
summary: Upload connector file to source
parameters:
- in: path
name: sourceId
required: true
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
description: |-
This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Uploaded the file successfully and sent all post-upload events
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects:
get:
operationId: listTaggedObjects
security:
- UserContextAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: List Tagged Objects
description: |-
This API returns a list of all tagged objects.
Any authenticated token may be used to call this API.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**objectRef.id**: *eq, in*
**objectRef.type**: *eq, in*
**tagName**: *eq, in*
example: tagName eq "BU_FINANCE"
required: false
responses:
'200':
description: List of all tagged objects.
content:
application/json:
schema:
type: array
items:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: setTagToObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Add Tag to Object
description: |-
This adds a tag to an object.
Any authenticated token may be used to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
responses:
'201':
description: Created.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/tagged-objects/{type}':
get:
operationId: listTaggedObjectsByType
security:
- UserContextAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: List Tagged Objects by Type
description: |-
This API returns a list of all tagged objects by type.
Any authenticated token may be used to call this API.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to retrieve.
example: ROLE
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**objectRef.id**: *eq*
**objectRef.type**: *eq*
example: objectRef.id eq "2c91808568c529c60168cca6f90c1313"
required: false
responses:
'200':
description: List of all tagged objects for specified type.
content:
application/json:
schema:
type: array
items:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/tagged-objects/{type}/{id}':
get:
operationId: getTaggedObject
security:
- UserContextAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Get Tagged Object
description: This gets a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to retrieve.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Tagged object by type and ID.
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putTaggedObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Update Tagged Object
description: This updates a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to update.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to update.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
responses:
'200':
description: Tagged object by type and ID.
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteTaggedObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Delete Tagged Object
description: This deletes a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to delete.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
description: The ID of the object reference to delete.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects/bulk-add:
post:
operationId: setTagsToManyObjects
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Tag Multiple Objects
description: |-
This API adds tags to multiple objects.
A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
requestBody:
required: true
description: 'Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE.'
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to an Object
example:
- BU_FINANCE
- PCI
operation:
type: string
enum:
- APPEND
- MERGE
default: APPEND
description: |-
If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.
If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.
example: MERGE
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to an Object
example:
- BU_FINANCE
- PCI
operation:
type: string
enum:
- APPEND
- MERGE
default: APPEND
description: |-
If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.
If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.
example: MERGE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects/bulk-remove:
post:
operationId: deleteTagsToManyObject
security:
- UserContextAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Remove Tags from Multiple Objects
description: |-
This API removes tags from multiple objects.
A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
requestBody:
description: 'Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE.'
required: true
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to an Object
example:
- BU_FINANCE
- PCI
operation:
type: string
enum:
- APPEND
- MERGE
default: APPEND
description: |-
If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.
If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.
example: MERGE
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/transforms:
get:
tags:
- Transforms
summary: List transforms
description: |-
Gets a list of all saved transform objects.
A token with transforms-list read authority is required to call this API.
operationId: listTransforms
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: name
in: query
description: Name of the transform to retrieve from the list.
required: false
style: form
schema:
type: string
example: ExampleTransformName123
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**internal**: *eq*
**name**: *eq, sw*
required: false
style: form
explode: true
example: name eq "Uppercase"
schema:
type: string
responses:
'200':
description: A list of transforms matching the given criteria.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
example:
- id: 2cd78adghjkja34jh2b1hkjhasuecd
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
internal: false
- id: 2lkas8dhj4bkuakja77giih7l4ashh
name: PrefixSubstring
type: substring
attributes:
begin: 0
end: 3
internal: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:read'
- 'idn:transform:manage'
post:
tags:
- Transforms
summary: Create transform
description: 'Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write authority is required to call this API.'
operationId: createTransform
requestBody:
required: true
description: The transform to be created.
content:
application/json:
schema:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
example:
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
responses:
'201':
description: Indicates the transform was successfully created and returns its representation.
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:manage'
'/transforms/{id}':
get:
tags:
- Transforms
summary: Transform by ID
description: |-
This API returns the transform specified by the given ID.
A token with transform read authority is required to call this API.
operationId: getTransform
parameters:
- name: id
in: path
description: ID of the transform to retrieve
required: true
style: simple
explode: false
example: 2cd78adghjkja34jh2b1hkjhasuecd
schema:
type: string
responses:
'200':
description: Transform with the given ID
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:read'
- 'idn:transform:manage'
put:
tags:
- Transforms
summary: Update a transform
description: |-
Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error.
A token with transform write authority is required to call this API.
operationId: updateTransform
parameters:
- name: id
in: path
description: ID of the transform to update
required: true
style: simple
explode: false
schema:
type: string
example: 2cd78adghjkja34jh2b1hkjhasuecd
requestBody:
description: 'The updated transform object. Must include "name", "type", and "attributes" fields, but "name" and "type" must not be modified.'
content:
application/json:
schema:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
example:
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
responses:
'200':
description: Indicates the transform was successfully updated and returns its new representation.
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
example:
id: 2cd78adghjkja34jh2b1hkjhasuecd
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
internal: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:manage'
delete:
tags:
- Transforms
summary: Delete a transform
description: |-
Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform.
A token with transform delete authority is required to call this API.
operationId: deleteTransform
parameters:
- name: id
in: path
description: ID of the transform to delete
required: true
style: simple
explode: false
schema:
type: string
example: 2cd78adghjkja34jh2b1hkjhasuecd
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth:
- 'idn:transform:manage'
/work-items:
get:
operationId: listWorkItems
tags:
- Work Items
summary: List Work Items
description: 'This gets a collection of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items/completed:
get:
operationId: getCompletedWorkItems
tags:
- Work Items
summary: Completed Work Items
description: 'This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: 'The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.'
required: false
example: 1211bcaa32112bcef6122adb21cef1ac
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of completed work items.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items/count:
get:
operationId: getCountWorkItems
tags:
- Work Items
summary: Count Work Items
description: 'This gets a count of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items/completed/count:
get:
operationId: getCountCompletedWorkItems
tags:
- Work Items
summary: Count Completed Work Items
description: 'This gets a count of completed work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items/summary:
get:
operationId: getWorkItemsSummary
tags:
- Work Items
summary: Work Items Summary
description: 'This gets a summary of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
open:
type: integer
description: The count of open work items
example: 29
completed:
type: integer
description: The count of completed work items
example: 1
total:
type: integer
description: The count of total work items
example: 30
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}':
get:
operationId: getWorkItem
tags:
- Work Items
summary: Get a Work Item
description: 'This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: ID of the work item.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The work item with the given ID.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: completeWorkItem
tags:
- Work Items
summary: Complete a Work Item
description: 'This API completes a work item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A WorkItems object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}/approve/{approvalItemId}':
post:
operationId: approveApprovalItem
tags:
- Work Items
summary: Approve an Approval Item
description: 'This API approves an Approval Item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: approvalItemId
schema:
type: string
required: true
description: The ID of the approval item.
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}/reject/{approvalItemId}':
post:
operationId: rejectApprovalItem
tags:
- Work Items
summary: Reject an Approval Item
description: 'This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: approvalItemId
schema:
type: string
required: true
description: The ID of the approval item.
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/bulk-approve/{id}':
post:
operationId: approveApprovalItemsInBulk
tags:
- Work Items
summary: Bulk approve Approval Items
description: 'This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/bulk-reject/{id}':
post:
operationId: rejectApprovalItemsInBulk
tags:
- Work Items
summary: Bulk reject Approval Items
description: 'This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}/submit-account-selection':
post:
operationId: submitAccountSelection
tags:
- Work Items
summary: Submit Account Selections
description: 'This API submits account selections. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
example:
fieldName: fieldValue
description: 'Account Selection Data map, keyed on fieldName'
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflows:
get:
operationId: listWorkflows
tags:
- Workflows
summary: List Workflows
description: List all workflows in the tenant.
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflows
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
required:
- name
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additonal context about the external trigger
example: Run a search and notify the results
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
required:
- cronString
properties:
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 * */3 */5 *
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}':
get:
operationId: getWorkflow
tags:
- Workflows
summary: Get Workflow By Id
description: Get a single workflow by id.
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: The workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
required:
- name
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additonal context about the external trigger
example: Run a search and notify the results
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
required:
- cronString
properties:
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 * */3 */5 *
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putWorkflow
tags:
- Workflows
summary: Update Workflow
description: Perform a full update of a workflow. The updated workflow object is returned in the response.
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
required:
- name
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additonal context about the external trigger
example: Run a search and notify the results
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
required:
- cronString
properties:
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 * */3 */5 *
description: Workflow Trigger Attributes.
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
required:
- name
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additonal context about the external trigger
example: Run a search and notify the results
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
required:
- cronString
properties:
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 * */3 */5 *
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchWorkflow
tags:
- Workflows
summary: Patch Workflow
description: 'Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.'
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Update all patchable fields:
description: Demonstrate how to update each patchable field in one PATCH request.
value:
- op: replace
path: /name
value: Send Email
- op: replace
path: /owner
value:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
- op: replace
path: /description
value: Send an email to the identity who's attributes changed.
- op: replace
path: /enabled
value: false
- op: replace
path: /definition
value:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
- op: replace
path: /trigger
value:
type: EVENT
attributes:
id: 'idn:identity-attributes-changed'
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
required:
- name
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additonal context about the external trigger
example: Run a search and notify the results
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
required:
- cronString
properties:
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 * */3 */5 *
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteWorkflow
tags:
- Workflows
summary: Delete Workflow By Id
description: Delete a workflow. **Enabled workflows cannot be deleted**. They must first be disabled.
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createWorkflow
tags:
- Workflows
summary: Create Workflow
description: Create a new workflow with the desired trigger and steps specified in the request body.
security:
- UserContextAuth:
- 'sp:workflow:manage'
requestBody:
required: true
content:
application/json:
schema:
allOf:
- required:
- name
- owner
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
required:
- name
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additonal context about the external trigger
example: Run a search and notify the results
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
required:
- cronString
properties:
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 * */3 */5 *
description: Workflow Trigger Attributes.
examples:
Event Trigger:
description: Workflow initiated by an event trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity who's attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: EVENT
attributes:
id: 'idn:identity-attributes-changed'
filter: '$.changes[?(@.attribute == ''manager'')]'
Scheduled Trigger:
description: Workflow initiated by a scheduled trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity who's attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: SCHEDULED
attributes:
cronString: 0 * */3 */5 *
External Trigger:
description: Workflow initiated by an external trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity whose attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: EXTERNAL
attributes:
name: search-and-notify
description: Run a search and notify the results
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
example: EVENT
description: The trigger type
attributes:
oneOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
required:
- name
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
description:
type: string
description: Additonal context about the external trigger
example: Run a search and notify the results
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
required:
- cronString
properties:
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 * */3 */5 *
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/test':
post:
operationId: testWorkflow
tags:
- Workflows
summary: Test Workflow By Id
description: |-
Test a workflow with the provided input data. The input data should resemble the input that the trigger will send the workflow. See the [event trigger documentation](https://developer.sailpoint.com/idn/docs/event-triggers/available) for an example input for the trigger that initiates this workflow.
This endpoint will return an execution ID, which can be used to lookup more information about the execution using the `Get a Workflow Execution` endpoint.
**This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.**
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- input
properties:
input:
type: object
description: The test input for the workflow.
examples:
Identity Attributes Changed:
description: Identity Attributes Changed Trigger Input
value:
input:
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
changes:
- attribute: department
oldValue: sales
newValue: marketing
- attribute: manager
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
- attribute: email
oldValue: john.doe@hotmail.com
newValue: john.doe@gmail.com
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
type: object
properties:
workflowExecutionId:
type: string
description: The workflow execution id
example: 0e11cefa-96e7-4b67-90d0-065bc1da5753
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/executions':
get:
operationId: listWorkflowExecutions
tags:
- Workflows
summary: List Workflow Executions
description: |-
This lists the executions for a given workflow. Workflow executions are available for up to 90 days before being archived. By default, you can get a maximum of 250 executions. To get executions past the first 250 records, you can do the following:
1. Use the [Get Workflows](https://developer.sailpoint.com/idn/api/beta/list-workflows) endpoint to get your workflows.
2. Get your workflow ID from the response.
3. You can then do either of the following:
- Filter to find relevant workflow executions.
For example, you can filter for failed workflow executions: `GET /workflows/:workflowID/executions?filters=status eq "Failed"`
- You can paginate through results with the `offset` parameter.
For example, you can page through 50 executions per page and use that as a way to get to the records past the first 250.
Refer to [Paginating Results](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results) for more information about the query parameters you can use to achieve pagination.
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: status eq "Failed"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**startTime**: *eq, lt, le, gt, ge*
**status**: *eq*
required: false
responses:
'200':
description: List of workflow executions for the given workflow
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The workflow execution ID
example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81
workflowId:
type: string
description: The workflow ID
example: d201c5d9-d37b-4a2f-af14-66414f39d568
requestId:
type: string
description: This backend ID tracks a workflow request in the system. You can provide this ID in a customer support ticket for debugging purposes.
example: 41e12a74fa7b4a6a98ae47887b64acdb
startTime:
type: string
format: date-time
description: The date/time the workflow started
example: '2022-02-07T20:13:29.356648026Z'
closeTime:
type: string
format: date-time
description: The date/time the workflow ended
example: '2022-02-07T20:13:31.682410165Z'
status:
description: The workflow execution status
type: string
enum:
- Completed
- Failed
- Canceled
- Running
example: Completed
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}':
get:
operationId: getWorkflowExecution
tags:
- Workflows
summary: Get a Workflow Execution
description: 'Get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.'
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow execution
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: The workflow execution
content:
application/json:
schema:
items:
type: object
properties:
id:
type: string
description: The workflow execution ID
example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81
workflowId:
type: string
description: The workflow ID
example: d201c5d9-d37b-4a2f-af14-66414f39d568
requestId:
type: string
description: This backend ID tracks a workflow request in the system. You can provide this ID in a customer support ticket for debugging purposes.
example: 41e12a74fa7b4a6a98ae47887b64acdb
startTime:
type: string
format: date-time
description: The date/time the workflow started
example: '2022-02-07T20:13:29.356648026Z'
closeTime:
type: string
format: date-time
description: The date/time the workflow ended
example: '2022-02-07T20:13:31.682410165Z'
status:
description: The workflow execution status
type: string
enum:
- Completed
- Failed
- Canceled
- Running
example: Completed
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}/history':
get:
operationId: getWorkflowExecutionHistory
tags:
- Workflows
summary: Get Workflow Execution History
description: 'Get a detailed history of a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.'
security:
- UserContextAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow execution
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: List of workflow execution events for the given workflow execution
content:
application/json:
schema:
type: array
items:
type: object
properties:
type:
description: The type of event
enum:
- WorkflowExecutionScheduled
- WorkflowExecutionStarted
- WorkflowExecutionCompleted
- WorkflowExecutionFailed
- WorkflowTaskScheduled
- WorkflowTaskStarted
- WorkflowTaskCompleted
- WorkflowTaskFailed
- ActivityTaskScheduled
- ActivityTaskStarted
- ActivityTaskCompleted
- ActivityTaskFailed
example: WorkflowTaskScheduled
timestamp:
type: string
format: date-time
description: The date-time when the event occurred
example: '2022-02-07T20:13:31.640618296Z'
attributes:
type: object
description: Additional attributes associated with the event
example: {}
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}/cancel':
post:
operationId: cancelWorkflowExecution
tags:
- Workflows
summary: Cancel Workflow Execution by ID
description: Use this API to cancel a running workflow execution.
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: The workflow execution ID
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library:
get:
operationId: listCompleteWorkflowLibrary
tags:
- Workflows
summary: List Complete Workflow Library
description: 'This lists all triggers, actions, and operators in the library'
externalDocs:
description: Additional documentation for workflows
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow steps
content:
application/json:
schema:
type: array
items:
anyOf:
- title: Workflow Action
type: object
properties:
id:
type: string
description: Action ID. This is a static namespaced ID for the action
example: 'sp:create-campaign'
name:
type: string
description: Action Name
example: Create Certification Campaign
type:
type: string
description: Action type
example: ACTION
description:
type: string
description: Action Description
example: Generates a certification campaign.
formFields:
type: array
description: One or more inputs that the action accepts
items:
type: object
properties:
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
example: text
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
outputSchema:
type: object
description: 'Defines the output schema, if any, that this action produces.'
example:
definitions: {}
properties:
autoRevokeAllowed:
$id: '#sp:create-campaign/autoRevokeAllowed'
default: true
examples:
- false
title: autoRevokeAllowed
type: boolean
deadline:
$id: '#sp:create-campaign/deadline'
default: ''
examples:
- '2020-12-25T06:00:00.468Z'
format: date-time
pattern: ^.*$
title: deadline
type: string
description:
$id: '#sp:create-campaign/description'
default: ''
examples:
- A review of everyone's access by their manager.
pattern: ^.*$
title: description
type: string
emailNotificationEnabled:
$id: '#sp:create-campaign/emailNotificationEnabled'
default: true
examples:
- false
title: emailNotificationEnabled
type: boolean
filter:
$id: '#sp:create-campaign/filter'
properties:
id:
$id: '#sp:create-campaign/filter/id'
default: ''
examples:
- e0adaae69852e8fe8b8a3d48e5ce757c
pattern: ^.*$
title: id
type: string
type:
$id: '#sp:create-campaign/filter/type'
default: ''
examples:
- CAMPAIGN_FILTER
pattern: ^.*$
title: type
type: string
title: filter
type: object
id:
$id: '#sp:create-campaign/id'
default: ''
examples:
- 2c918086719eec070171a7e3355a360a
pattern: ^.*$
title: id
type: string
name:
$id: '#sp:create-campaign/name'
default: ''
examples:
- Manager Review
pattern: ^.*$
title: name
type: string
recommendationsEnabled:
$id: '#sp:create-campaign/recommendationsEnabled'
default: true
examples:
- false
title: recommendationEnabled
type: boolean
type:
$id: '#sp:create-campaign/type'
default: ''
examples:
- MANAGER
pattern: ^.*$
title: type
type: string
title: 'sp:create-campaign'
type: object
- title: Workflow Trigger
type: object
properties:
id:
type: string
description: Trigger ID. This is a static namespaced ID for the trigger.
example: 'idn:identity-attributes-changed'
type:
description: Trigger type
enum:
- EVENT
- SCHEDULED
- EXTERNAL
example: EVENT
name:
type: string
description: Trigger Name
example: Identity Attributes Changed
description:
type: string
description: Trigger Description
example: One or more identity attributes changed.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
inputExample:
type: object
description: Example trigger payload if applicable
nullable: true
externalDocs:
description: List of triggers and their input schemas
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available'
example:
changes:
- attribute: department
newValue: marketing
oldValue: sales
- attribute: manager
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
- attribute: email
newValue: john.doe@gmail.com
oldValue: john.doe@hotmail.com
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
formFields:
type: array
nullable: true
description: One or more inputs that the trigger accepts
example: []
items:
type: object
properties:
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
example: text
- title: Workflow Operator
type: object
properties:
id:
type: string
description: Operator ID.
example: 'sp:compare-boolean'
name:
type: string
description: Operator friendly name
example: Compare Boolean Values
type:
description: Operator type
type: string
example: OPERATOR
description:
type: string
description: Description of the operator
example: Compare two boolean values and decide what happens based on the result.
formFields:
type: array
description: One or more inputs that the operator accepts
items:
type: object
properties:
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
example: text
example:
- description: Enter the JSONPath to a value from the input to compare to Variable B.
helpText: ''
label: Variable A
name: variableA.$
required: true
type: text
- helpText: Select an operation.
label: Operation
name: operator
options:
- label: Equals
value: BooleanEquals
required: true
type: select
- description: Enter the JSONPath to a value from the input to compare to Variable A.
helpText: ''
label: Variable B
name: variableB.$
required: false
type: text
- description: Enter True or False.
helpText: ''
label: Variable B
name: variableB
required: false
type: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/actions:
get:
operationId: listWorkflowLibraryActions
tags:
- Workflows
summary: List Workflow Library Actions
description: This lists the workflow actions available to you.
externalDocs:
description: Additional documentation for each action
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#actions'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
example: 'id eq "sp:create-campaign"'
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow actions
content:
application/json:
schema:
type: array
items:
title: Workflow Action
type: object
properties:
id:
type: string
description: Action ID. This is a static namespaced ID for the action
example: 'sp:create-campaign'
name:
type: string
description: Action Name
example: Create Certification Campaign
type:
type: string
description: Action type
example: ACTION
description:
type: string
description: Action Description
example: Generates a certification campaign.
formFields:
type: array
description: One or more inputs that the action accepts
items:
type: object
properties:
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
example: text
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
outputSchema:
type: object
description: 'Defines the output schema, if any, that this action produces.'
example:
definitions: {}
properties:
autoRevokeAllowed:
$id: '#sp:create-campaign/autoRevokeAllowed'
default: true
examples:
- false
title: autoRevokeAllowed
type: boolean
deadline:
$id: '#sp:create-campaign/deadline'
default: ''
examples:
- '2020-12-25T06:00:00.468Z'
format: date-time
pattern: ^.*$
title: deadline
type: string
description:
$id: '#sp:create-campaign/description'
default: ''
examples:
- A review of everyone's access by their manager.
pattern: ^.*$
title: description
type: string
emailNotificationEnabled:
$id: '#sp:create-campaign/emailNotificationEnabled'
default: true
examples:
- false
title: emailNotificationEnabled
type: boolean
filter:
$id: '#sp:create-campaign/filter'
properties:
id:
$id: '#sp:create-campaign/filter/id'
default: ''
examples:
- e0adaae69852e8fe8b8a3d48e5ce757c
pattern: ^.*$
title: id
type: string
type:
$id: '#sp:create-campaign/filter/type'
default: ''
examples:
- CAMPAIGN_FILTER
pattern: ^.*$
title: type
type: string
title: filter
type: object
id:
$id: '#sp:create-campaign/id'
default: ''
examples:
- 2c918086719eec070171a7e3355a360a
pattern: ^.*$
title: id
type: string
name:
$id: '#sp:create-campaign/name'
default: ''
examples:
- Manager Review
pattern: ^.*$
title: name
type: string
recommendationsEnabled:
$id: '#sp:create-campaign/recommendationsEnabled'
default: true
examples:
- false
title: recommendationEnabled
type: boolean
type:
$id: '#sp:create-campaign/type'
default: ''
examples:
- MANAGER
pattern: ^.*$
title: type
type: string
title: 'sp:create-campaign'
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/triggers:
get:
operationId: listWorkflowLibraryTriggers
tags:
- Workflows
summary: List Workflow Library Triggers
description: This lists the workflow triggers available to you
externalDocs:
description: Additional documentation for each trigger
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#triggers'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
example: 'id eq "idn:identity-attributes-changed"'
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow triggers
content:
application/json:
schema:
type: array
items:
title: Workflow Trigger
type: object
properties:
id:
type: string
description: Trigger ID. This is a static namespaced ID for the trigger.
example: 'idn:identity-attributes-changed'
type:
description: Trigger type
enum:
- EVENT
- SCHEDULED
- EXTERNAL
example: EVENT
name:
type: string
description: Trigger Name
example: Identity Attributes Changed
description:
type: string
description: Trigger Description
example: One or more identity attributes changed.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
inputExample:
type: object
description: Example trigger payload if applicable
nullable: true
externalDocs:
description: List of triggers and their input schemas
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available'
example:
changes:
- attribute: department
newValue: marketing
oldValue: sales
- attribute: manager
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
- attribute: email
newValue: john.doe@gmail.com
oldValue: john.doe@hotmail.com
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
formFields:
type: array
nullable: true
description: One or more inputs that the trigger accepts
example: []
items:
type: object
properties:
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
example: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/operators:
get:
operationId: listWorkflowLibraryOperators
tags:
- Workflows
summary: List Workflow Library Operators
description: This lists the workflow operators available to you
security:
- UserContextAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow operators
content:
application/json:
schema:
type: array
items:
title: Workflow Operator
type: object
properties:
id:
type: string
description: Operator ID.
example: 'sp:compare-boolean'
name:
type: string
description: Operator friendly name
example: Compare Boolean Values
type:
description: Operator type
type: string
example: OPERATOR
description:
type: string
description: Description of the operator
example: Compare two boolean values and decide what happens based on the result.
formFields:
type: array
description: One or more inputs that the operator accepts
items:
type: object
properties:
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
example: text
example:
- description: Enter the JSONPath to a value from the input to compare to Variable B.
helpText: ''
label: Variable A
name: variableA.$
required: true
type: text
- helpText: Select an operation.
label: Operation
name: operator
options:
- label: Equals
value: BooleanEquals
required: true
type: select
- description: Enter the JSONPath to a value from the input to compare to Variable A.
helpText: ''
label: Variable B
name: variableB.$
required: false
type: text
- description: Enter True or False.
helpText: ''
label: Variable B
name: variableB
required: false
type: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/external/oauth-clients':
post:
operationId: createWorkflowExternalTrigger
tags:
- Workflows
summary: Generate External Trigger OAuth Client
description: 'Create OAuth client ID, client secret, and callback URL for use in an external trigger. External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow.'
security:
- UserContextAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: The OAuth Client object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: OAuth client ID for the trigger. This is a UUID generated upon creation.
example: 1a58c03a6bf64dc2876f6988c6e2c7b7
secret:
type: string
description: OAuthClient secret.
example: 00cc24a7fe810fe06a7cb38bc168ae104d703c7abb296f9944dc68e69ddb578b
url:
type: string
description: URL for the external trigger to invoke
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c17bea3a-574d-453c-9e04-4365fbf5af0b'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/execute/external/{id}':
post:
operationId: createExternalExecuteWorkflow
tags:
- Workflows
summary: Execute Workflow via External Trigger
description: This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the "External Trigger" step. The external service will invoke this endpoint with the input data it wants to send to the workflow in the body.
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
input:
type: object
description: The input for the workflow
example:
customAttribute1: value1
customAttribute2: value2
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
type: object
properties:
workflowExecutionId:
type: string
description: The workflow execution id
example: 0e11cefa-96e7-4b67-90d0-065bc1da5753
message:
type: string
description: An error message if any errors occurred
example: Workflow was not executed externally. Check enabled flag on workflow definition
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/execute/external/{id}/test':
post:
operationId: testExternalExecuteWorkflow
tags:
- Workflows
summary: Test Workflow via External Trigger
description: 'Validate a workflow with an "External Trigger" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow.'
security:
- UserContextAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
input:
type: object
description: The test input for the workflow
example:
test: hello world
responses:
'200':
description: Responds with the test input
content:
application/json:
schema:
type: object
properties:
payload:
type: object
description: The input that was received
example:
test: hello world
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-usages/{sourceId}/status':
get:
tags:
- Source Usages
summary: Finds status of source usage
description: This API returns the status of the source usage insights setup by IDN source ID.
operationId: getStatusBySourceId
parameters:
- name: sourceId
in: path
description: ID of IDN source
required: true
schema:
type: string
example: 2c9180835d191a86015d28455b4a2329
security:
- UserContextAuth:
- 'idn:accounts:read'
responses:
'200':
description: Status of the source usage insights setup by IDN source ID.
content:
application/json:
schema:
type: object
properties:
status:
type: string
description: |-
Source Usage Status. Acceptable values are:
- COMPLETE
- This status means that an activity data source has been setup and usage insights are available for the source.
- INCOMPLETE
- This status means that an activity data source has not been setup and usage insights are not available for the source.
example: COMPLETE
enum:
- COMPLETE
- INCOMPLETE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-usages/{sourceId}/summaries':
get:
tags:
- Source Usages
summary: Returns source usage insights
description: This API returns a summary of source usage insights for past 12 months.
operationId: getUsagesBySourceId
parameters:
- name: sourceId
in: path
description: ID of IDN source
required: true
schema:
type: string
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **date**
example: '-date'
security:
- UserContextAuth:
- 'idn:accounts:read'
responses:
'200':
description: Summary of source usage insights for past 12 months.
content:
application/json:
schema:
type: array
items:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: number
format: float
description: 'The average number of days that accounts were active within this source, for the month.'
example: 10.45
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/account-usages/{accountId}/summaries':
get:
tags:
- Account Usages
summary: Returns account usage insights
description: This API returns a summary of account usage insights for past 12 months.
operationId: getUsagesByAccountId
parameters:
- name: accountId
in: path
description: ID of IDN account
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **date**
example: '-date'
security:
- UserContextAuth:
- 'idn:accounts:read'
responses:
'200':
description: Summary of account usage insights for past 12 months.
content:
application/json:
schema:
type: array
items:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: integer
format: int64
description: The number of days within the month that the account was active in a source.
example: 10
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- UserContextAuth: []
components:
securitySchemes:
UserContextAuth:
type: oauth2
description: |
OAuth2 Bearer token (JWT) generated using either a Personal Access token or through the Authorization Code flow.
See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
- Directions for generating a [personal access token](https://developer.sailpoint.com/docs/api/authentication/#personal-access-tokens)
- Directions using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#client-credentials-grant-flow)
- Directions for using [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#authorization-code-grant-flow)
Which authentication method should I choose? See the [guide](https://developer.sailpoint.com/docs/api/authentication/#which-oauth-20-grant-flow-should-i-use).
Learn more about how to find your `tokenUrl` and `authorizationUrl` [in the docs](https://developer.sailpoint.com/docs/api/authentication/#find-your-tenants-oauth-details).
flows:
clientCredentials:
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
'sp:scopes:all': access to all scopes
authorizationCode:
authorizationUrl: 'https://tenant.login.sailpoint.com/oauth/authorize'
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
'sp:scopes:all': access to all scopes
ApplicationOnlyAuth:
type: oauth2
description: |
OAuth2 Bearer token (JWT) generated using client credentials flow.
See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
- Directions using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#client-credentials-grant-flow)
Which authentication method should I choose? See the [guide](https://developer.sailpoint.com/docs/api/authentication/#which-oauth-20-grant-flow-should-i-use).
Learn more about how to find your `tokenUrl` and `authorizationUrl` [in the docs](https://developer.sailpoint.com/docs/api/authentication/#find-your-tenants-oauth-details).
flows:
clientCredentials:
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
schemas:
AccessRequest:
type: object
properties:
requestedFor:
description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.'
type: array
items:
type: string
example: 2c918084660f45d6016617daa9210584
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requestedItems:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
* Currently it is not supported for entitlements.
format: date-time
example: '2020-07-11T21:23:15.000Z'
required:
- id
- type
minItems: 1
maxItems: 25
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
required:
- requestedFor
- requestedItems
AccessRequestItem:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
* Currently it is not supported for entitlements.
format: date-time
example: '2020-07-11T21:23:15.000Z'
required:
- id
- type
AccessProfileDocument:
description: 'More complete representation of an access profile. '
allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
_type:
description: |-
Access profile's document type.
This enum represents the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: accessprofile
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
AccessProfileSummary:
description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
AccessReviewReassignment:
type: object
properties:
reassign:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
reassignTo:
type: string
description: The ID of the identity to which the certification is reassigned
example: ef38f94347e94562b5bb8424a56397d8
reason:
type: string
description: The reason comment for why the reassign was made
example: reassigned for some reason
required:
- reassign
- reassignTo
- reason
Account:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: slpt.support
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
sourceOwner:
description: The owner of the source this account belongs to
example:
id: 4c5c8534e99445de98eef6c75e25eb01
type: IDENTITY
name: SailPoint Support
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
AccountActivity:
type: object
properties:
id:
type: string
description: Id of the account activity
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: The name of the activity
example: 2c9180835d2e5168015d32f890ca1581
created:
description: When the activity was first created
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
description: When the activity was last modified
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
completed:
description: When the activity was completed
type: string
format: date-time
nullable: true
example: '2018-10-19T13:49:37.385Z'
completionStatus:
allOf:
- nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
- nullable: true
type:
nullable: true
type: string
example: appRequest
description: |
The type of action the activity performed. Please see the following list of types. This list may grow over time.
- CloudAutomated
- IdentityAttributeUpdate
- appRequest
- LifecycleStateChange
- AccountStateUpdate
- AccountAttributeUpdate
- CloudPasswordRequest
- Attribute Synchronization Refresh
- Certification
- Identity Refresh
- Lifecycle Change Refresh
[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
errors:
nullable: true
description: 'A list of error messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
nullable: true
description: 'A list of warning messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'Some warning, another warning'
items:
nullable: true
type: array
description: Individual actions performed as part of this account activity
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
allOf:
- type: string
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
- nullable: true
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
customKey1: custom value 1
customKey2: custom value 2
AccountActivitySearchedItem:
description: AccountActivity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
origin:
type: string
description: Activity's origin.
nullable: true
example: null
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
created:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: string
description: The result of the approval
example: Finished
type:
type: string
nullable: true
example: null
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
description: Operation used.
example: add
source:
description: Account's source.
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
AccountAttributes:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
additionalProperties: true
example:
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
AccountsAsyncResult:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
AccountToggleRequest:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
type: boolean
example: false
AccountUnlockRequest:
description: Request used for account unlock
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
unlockIDNAccount:
description: 'If set, the IDN account is unlocked after the workflow completes.'
type: boolean
example: false
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
type: boolean
example: false
ApprovalItems:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
Campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
Certification:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
CertificationReference:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
EntitlementDocument:
description: Entitlement
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
identityCount:
type: integer
description: Number of identities who have access to the entitlement.
format: int32
example: 3
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
EntitlementSummary:
description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
Event:
description: Event
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: update
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: SYSTEM_CONFIG
actor:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: REQUEST
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: AUTHENTICATION_REQUEST_PASSED
IdentityDocument:
description: Identity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
processingState:
type: string
description: Identity's processing state.
nullable: true
example: null
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
IdentityProfile:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: The description of the Identity Profile.
example: My custom flat file profile
nullable: true
owner:
type: object
description: The owner of the Identity Profile.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
priority:
type: integer
format: int64
description: The priority for an Identity Profile.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Type of the object to which this reference applies
example: SOURCE
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
example: true
identityCount:
type: integer
description: The number of identities that belong to the Identity Profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: The backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Defines a transformation definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Name of the identity attribute.
example: email
transformDefinition:
description: The seaspray transformation definition.
type: object
properties:
type:
type: string
description: The type of the transform definition.
example: accountAttribute
attributes:
type: object
additionalProperties:
anyOf:
- type: string
- type: object
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: The id of the task result.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: The name of the report.
hasTimeBasedAttr:
description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
type: boolean
default: false
example: true
IdentityReferenceWithNameAndEmail:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
ProvisioningConfig:
type: object
description: Specification of a Service Desk integration provisioning configuration.
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
ProvisioningPolicy:
type: object
required:
- name
properties:
name:
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
QueuedCheckConfigDetails:
description: Configuration of maximum number days and interval for checking Service Desk integration queue status
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: interval in minutes between status checks
type: string
example: '30'
provisioningMaxStatusCheckDays:
description: maximum number of days to check
type: string
example: '2'
Reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
ReassignmentReference:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
RemediationItems:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
RequestableObject:
type: object
properties:
id:
type: string
description: Id of the requestable object itself
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Human-readable display name of the requestable object
example: Applied Research Access
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: The time when the requestable object was created
modified:
nullable: true
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: The time when the requestable object was last modified
description:
type: string
description: Description of the requestable object.
example: 'Access to research information, lab results, and schematics.'
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
requestStatus:
allOf:
- type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
- nullable: true
identityRequestId:
type: string
description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.'
nullable: true
example: null
ownerRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only
example: IDENTITY
id:
type: string
description: Identity id.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Human-readable display name of identity. This is read-only
example: Alison Ferguso
email:
type: string
description: Email address of identity. This is read-only
example: alison.ferguso@identitysoon.com
requestCommentsRequired:
type: boolean
description: Whether the requester must provide comments when requesting the object.
example: false
RequestableObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: 'The currently supported requestable object types. '
example: ACCESS_PROFILE
RequestableObjectRequestStatus:
type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
Reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
RoleDocument:
description: Role
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
properties:
accessProfiles:
type: array
description: Access profiles included with the role.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements included with the role.
format: int32
example: 3
RoleSummary:
description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
SearchDocument:
discriminator:
propertyName: _type
mapping:
accessprofile: ../model/access/profile/AccessProfileDocument.yaml
accountactivity: ../model/account/activity/AccountActivityDocument.yaml
entitlement: ../model/entitlement/EntitlementDocument.yaml
event: ../model/event/EventDocument.yaml
identity: ../model/identity/IdentityDocument.yaml
role: ../model/role/RoleDocument.yaml
oneOf:
- description: 'More complete representation of an access profile. '
allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
_type:
description: |-
Access profile's document type.
This enum represents the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: accessprofile
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: AccountActivity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
origin:
type: string
description: Activity's origin.
nullable: true
example: null
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
created:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: string
description: The result of the approval
example: Finished
type:
type: string
nullable: true
example: null
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
description: Operation used.
example: add
source:
description: Account's source.
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
type: string
description: Value of attribute.
example: '3203537556531076'
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- description: Entitlement
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
identityCount:
type: integer
description: Number of identities who have access to the entitlement.
format: int32
example: 3
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Event
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- type: object
properties:
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: update
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: SYSTEM_CONFIG
actor:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: REQUEST
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: AUTHENTICATION_REQUEST_PASSED
- description: Identity
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
processingState:
type: string
description: Identity's processing state.
nullable: true
example: null
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
description:
type: string
nullable: true
example: null
- type: object
properties:
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
- description: Role
allOf:
- type: object
required:
- id
- name
- _type
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
name:
type: string
example: john.doe
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- account
- aggregation
- entitlement
- event
- identity
- role
example: identity
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
description:
type: string
description: Access item's description.
example: The admin role
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
properties:
accessProfiles:
type: array
description: Access profiles included with the role.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
segments:
type: array
description: Segments with the role.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements included with the role.
format: int32
example: 3
SavedSearch:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
Schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
ScheduledSearch:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000'''
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
ServiceDeskIntegrationDto:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
ServiceDeskIntegrationTemplateDto:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.'
required:
- type
- attributes
- provisioningConfig
properties:
type:
description: The 'type' property specifies the type of the Service Desk integration template.
type: string
example: Web Service SDIM
default: Web Service SDIM
attributes:
description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.
type: object
additionalProperties: true
example:
property: value
key: value
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
ServiceDeskIntegrationTemplateType:
description: This represents a Service Desk Integration template type.
required:
- type
- scriptName
type: object
properties:
name:
description: This is the name of the type.
example: aName
type: string
type:
description: This is the type value for the type.
example: aType
type: string
scriptName:
description: This is the scriptName attribute value for the type.
example: aScriptName
type: string
Source:
type: object
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Human-readable name of the source
example: My Source
description:
type: string
description: Human-readable description of the source
example: This is the corporate directory.
owner:
description: Reference to an owning Identity Object
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the identity
example: MyName
cluster:
description: Reference to the associated Cluster
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: The type of object being referenced
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: ID of the cluster
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human-readable display name of the cluster
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to an Account Correlation Config object
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: ID of the account correlation config
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Human-readable display name of the account correlation config
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter Object used during manager correlation to match incoming manager values to an existing manager's
Account/Identity
managerCorrelationRule:
description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- RULE
example: RULE
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: ID of the schema
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the schema
example: MySchema
description: List of references to Schema objects
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: The type of object being referenced
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: ID of the policy
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Human-readable display name of the policy
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: The fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration; will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: When true indicates the source is referenced by an IdentityProfile.
default: false
example: false
managementWorkgroup:
description: Reference to Management Workgroup for this Source
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: ID of the management workgroup
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Human-readable display name of the management workgroup
example: My Management Workgroup
healthy:
type: boolean
description: When true indicates a healthy source
default: false
example: true
status:
type: string
description: 'A status identifier, giving specific information on why a source is healthy or not'
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp showing when a source health check was last performed
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: The id of connector
example: active-directory
connectorName:
type: string
description: The name of the connector that was chosen on source creation
example: Active Directory
connectionType:
type: string
description: The type of connection (direct or file)
example: file
connectorImplementationId:
type: string
description: The connector implementation id
example: delimited-file
created:
type: string
description: The date-time when the source was created
format: date-time
example: 2022-02-08T14:50:03.827Z
modified:
type: string
description: The date-time when the source was last modified
format: date-time
example: 2024-01-23T18:08:50.897Z
credentialProviderEnabled:
type: boolean
description: Enables credential provider for this source. If credentialProvider is turned on then source can use credential provider(s) to fetch credentials.
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'The category of source (e.g. null, CredentialProvider)'
example: CredentialProvider
required:
- name
- owner
- connector
SourceHealthDto:
type: object
description: Dto for source health data
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
name:
type: string
description: the name of the source
example: Source1234
org:
type: string
description: source's org
example: denali-cjh
isAuthoritative:
type: boolean
example: false
description: Is the source authoritative
isCluster:
type: boolean
example: false
description: Is the source in a cluster
hostname:
type: string
example: megapod-useast1-secret-hostname.sailpoint.com
description: source's hostname
pod:
type: string
description: source's pod
example: megapod-useast1
iqServiceVersion:
type: string
description: The version of the iqService
example: iqVersion123
status:
type: string
enum:
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: connection test result
example: SOURCE_STATE_UNCHECKED_SOURCE
Transform:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: firstDate < secondDate |
| LTE | Less than or equal to: firstDate <= secondDate |
| GT | Strictly greater than: firstDate > secondDate |
| GTE | Greater than or equal to: firstDate >= secondDate |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Generic rule that needs to be invoked by the transform
example: Generic Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
WorkItems:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: FINISHED
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
WorkItemsCount:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
WorkItemsSummary:
type: object
properties:
open:
type: integer
description: The count of open work items
example: 29
completed:
type: integer
description: The count of completed work items
example: 1
total:
type: integer
description: The count of total work items
example: 30
AccountUsage:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: integer
format: int64
description: The number of days within the month that the account was active in a source.
example: 10
SourceUsage:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: number
format: float
description: 'The average number of days that accounts were active within this source, for the month.'
example: 10.45
SourceUsageStatus:
type: object
properties:
status:
type: string
description: |-
Source Usage Status. Acceptable values are:
- COMPLETE
- This status means that an activity data source has been setup and usage insights are available for the source.
- INCOMPLETE
- This status means that an activity data source has not been setup and usage insights are not available for the source.
example: COMPLETE
enum:
- COMPLETE
- INCOMPLETE
BrandingItem:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
BrandingItemCreate:
type: object
required:
- name
- productName
properties:
name:
type: string
description: name of branding item
example: custom-branding-item
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
loginInformationalMessage:
type: string
description: login information message
example: ''
fileStandard:
type: string
format: binary
description: png file with logo
example: \x00\x00\x00\x02