openapi: 3.0.1 info: title: Identity Security Cloud V3 API description: Use these APIs to interact with the Identity Security Cloud platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs. termsOfService: https://developer.sailpoint.com/discuss/tos contact: name: Developer Relations url: https://developer.sailpoint.com/discuss/api-help license: name: MIT url: https://opensource.org/licenses/MIT version: 3.0.0 servers: - url: https://{tenant}.api.identitynow.com/v3 description: This is the production API server. variables: tenant: default: sailpoint description: This is the name of your tenant, typically your company's name. - url: https://{apiUrl}/v3 description: This is the V3 API server. variables: apiUrl: default: sailpoint.api.identitynow.com description: This is the api url of your tenant security: - userAuth: - sp:scopes:all tags: - name: Access Profiles description: | Use this API to implement and customize access profile functionality. With this functionality in place, administrators can create access profiles and configure them for use throughout Identity Security Cloud, enabling users to get the access they need quickly and securely. Access profiles group entitlements, which represent access rights on sources. For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. Identity Security Cloud uses access profiles in many features, including the following: - Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles. - Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. - Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile. - Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. In Identity Security Cloud, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. Administrators can enable and disable an access profile, and they can also make the following configurations: - Manage Entitlements: Manage the profile's access by adding and removing entitlements. - Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile. - Multiple Account Options: Define the logic Identity Security Cloud uses to provision access to an identity with multiple accounts on the source. Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles. - name: Access Request Approvals description: | Use this API to implement and customize access request approval functionality. With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. This enables more qualified users to review access requests and the others to spend their time on other tasks. In Identity Security Cloud, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. If the administrator designates a governance group as the required approver, any governance group member can approve the requests. When a user submits an access request, Identity Security Cloud sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration. In Approvals in Identity Security Cloud, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. If the required approver approves the request and is the only reviewer required, Identity Security Cloud grants or revokes access, based on the request. If multiple reviewers are required, Identity Security Cloud sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. The required approver can then view any completed access requests under the Reviewed tab. Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals. - name: Access Requests description: | Use this API to implement and customize access request functionality. With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked. This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. Identity Security Cloud's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them. In the Request Center in Identity Security Cloud, users can view available applications, roles, and entitlements and request access to them. If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. Users can use My Requests to track and/or cancel the requests. In My Team on the Identity Security Cloud Home, managers can submit requests to revoke their team members' access. They can use the My Requests tab under Request Center to track and/or cancel the requests. Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/request_center.html) for more information about access requests. - name: Account Activities description: | Use this API to implement account activity tracking functionality. With this functionality in place, users can track source account activity in Identity Security Cloud, which greatly improves traceability in the system. An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life. In Identity Security Cloud's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. Account activity includes most actions Identity Security Cloud completes on source accounts. Users can search in Identity Security Cloud for the following account action types: - Access Request: These include any access requests the source account is involved in. - Account Attribute Updates: These include updates to a single attribute on an account on a source. - Account State Update: These include locking or unlocking actions on an account on a source. - Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification. - Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. Identity Security Cloud replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. - Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays. Account Activity does not include attribute updates that occur as a result of aggregation. - Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. These also include refreshes that occur whenever Identity Security Cloud assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. - Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. - Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state. - Password Change: These include password changes on sources. Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities. - name: Account Usages description: | Use this API to implement account usage insight functionality. With this functionality in place, administrators can gather information and insights about how their tenants' source accounts are being used. This allows organizations to get the information they need to start optimizing and securing source account usage. - name: Accounts description: | Use this API to implement and customize account functionality. With this functionality in place, administrators can manage users' access across sources in Identity Security Cloud. In Identity Security Cloud, an account refers to a user's account on a supported source. This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. Identity Security Cloud loads accounts through the creation of sources in Identity Security Cloud. Administrators can correlate users' identities with the users' accounts on the different sources they use. This allows Identity Security Cloud to govern the access of identities and all their correlated accounts securely and cohesively. To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. To view and edit source account statuses for an identity in Identity Security Cloud, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. Accounts can have the following statuses: - Enabled: The account is enabled. The user can access it. - Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in Identity Security Cloud. This can occur when an administrator disables the account or when the user's lifecycle state changes. - Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times. - Pending: The account is currently updating. This status typically lasts seconds. Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed. Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/accounts/identities.html?h=disabling+identities#managing-access) for more information about accounts. - name: Application Discovery description: | Use this API to implement application discovery functionality. With this functionality in place, you can discover applications within your Okta connector and receive connector recommendations by manually uploading application names. - name: Auth Users description: | Use this API to implement user authentication system functionality. With this functionality in place, users can get a user's authentication system details, including their capabilities, and modify those capabilities. The user's capabilities refer to their access to different systems, or authorization, within the tenant, like access to certifications (CERT_ADMIN) or reports (REPORT_ADMIN). These capabilities also determine a user's access to the different APIs. This API provides users with a way to determine a user's access and make quick and easy changes to that access. - name: Branding description: | Use this API to implement and customize branding functionality. With this functionality in place, administrators can get and manage existing branding items, and they can also create new branding items and configure them for use throughout Identity Security Cloud. The Branding APIs provide administrators with a way to customize branding items. This customization includes details like their colors, logos, and other information. Refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certs/reviewing/index.html) for more information about certifications. - name: Certification Campaign Filters description: | Use this API to implement the certification campaign filter functionality. These filters can be used to create a certification campaign that includes a subset of your entitlements or users to certify. For example, if for a certification campaign an organization wants to certify only specific users or entitlements, then those can be included/excluded on the basis of campaign filters. For more information about creating a campaign filter, refer to [Creating a Campaign Filter](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#creating-a-campaign-filter) You can create campaign filters using any of the following criteria types: - Access Profile : This criteria type includes or excludes access profiles from a campaign. - Account Attribute : This criteria type includes or excludes certification items that match a specified value in an account attribute. - Entitlement : This criteria type includes or excludes entitlements from a campaign. - Identity : This criteria type includes or excludes specific identities from your campaign. - Identity Attribute : This criteria type includes or excludes identities based on whether they have an identity attribute that matches criteria you've chosen. - Role : This criteria type includes or excludes roles, as opposed to identities. - Source : This criteria type includes or excludes entitlements from a source you select. For more information about these criteria types, refer to [Types of Campaign Filters](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#types-of-campaign-filters) Once the campaign filter is created, it can be linked while creating the campaign. The generated campaign will have the items to review as per the campaign filter. For example, An inclusion campaign filter is created with a source of Source 1, an operation of Equals, and an entitlement of Entitlement 1. When this filter is selected, only users who have Entitlement 1 are included in the campaign, and only Entitlement 1 is shown in the certification. - name: Certification Campaigns description: | Use this API to implement certification campaign functionality. With this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use. Certification campaigns provide Identity Security Cloud users with an interactive review process they can use to identify and verify access to systems. Campaigns help organizations reduce risk of inappropriate access and satisfy audit requirements. A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. These certifications serve as a way of showing that a user's access has been reviewed and approved. Multiple certifications by different reviewers are often required to approve a user's access. A set of multiple certifications is called a certification campaign. For example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers. Once this campaign has been completed, Identity Security Cloud would provision all the access the user needs, nothing more. Identity Security Cloud provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns: You can create these types of campaigns without using any search queries in Identity Security Cloud: - ManagerCampaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access is certified by their managers. You only need to provide a name and description to create one. - Source Owner Campaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners. You only need to provide a name and description to create one. You can specify the sources whose owners you want involved or just run it across all sources. For more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html). One useful way to create certification campaigns in Identity Security Cloud is to use a specific search and then run a campaign on the results returned by that search. This allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns. For example, you can search for all identities who are managed by "Amanda.Ross" and also have the access to the "Accounting" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified. You can use Identity Security Cloud search queries to create these types of campaigns: - Identities: Use this campaign type to review and revoke access items for specific identities. You can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign. - Access Items: Use this campaign type to review and revoke a set of roles, access profiles, or entitlements from the identities that have them. You can either build a search query and create a campaign certifying all access items returned by that query, or you can search for individual access items and add those items to the certification campaign. - Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria. You can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign. - Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in Identity Security Cloud. You can use this campaign type to view all the uncorrelated accounts for a source and certify them. For more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html). Once you have generated your campaign, it becomes available for preview. An administrator can review the campaign and make changes, or if it's ready and accurate, activate it. Once the campaign is active, organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers. Those reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed). When a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review. Reviewers can then make decisions to grant or revoke access, as well as reassign the certification to another reviewer. If the reviewer chooses this option, they must provide a reason for reassignment in the form of a comment. Once a reviewer has made decisions on all the certification's involved access items, he or she must "Sign Off" to complete the review process. Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation. In this situation, the certification campaign completes once all the remediation requests are completed. The end of a certification campaign is determined by its deadline, its completion status, or by an administrator's decision. For more information about certifications and certification campaigns, refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certs/reviewing/index.html). - name: Certification Summaries description: | Use this API to implement certification summary functionality. With this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness. Implementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certs/reviewing/index.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes. A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. These certifications serve as a way of showing that a user's access has been reviewed and approved. Multiple certifications by different reviewers are often required to approve a user's access. A set of multiple certifications is called a certification campaign. For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more. Certification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed. For example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected. - name: Certifications description: | Use this API to implement certification functionality. With this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer. Implementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements. A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. These serve as a way of showing that a user's access has been reviewed and approved. Multiple certifications by different reviewers are often required to approve a user's access. A set of multiple certifications is called a certification campaign. For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more. Organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers. Those reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively. When a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities. Under the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment. Once a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process. Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation. In this situation, the certification campaign completes once all the remediation requests are completed. - name: Configuration Hub description: | Upload configurations and manage object mappings between tenants. Configuration files can be managed and deployed using Configuration Hub by uploading a JSON file which contains configuration data. The function of object mapping allows objects with varying names and IDs to be compared. While objects are compared, a user can replace a value in the source tenant with a new value. Object mapping also helps in locating referenced objects to the source object during the drafting process. Refer to [Uploading a Configuration File](https://documentation.sailpoint.com/saas/help/confighub/config_hub.html#uploading-a-configuration-file) for more information about uploading Configuration Files Refer to [Mapping Objects](https://documentation.sailpoint.com/saas/help/confighub/config_hub.html#mapping-objects) for more information about object mappings. - name: Connectors description: | Use this API to implement connector functionality. With this functionality in place, administrators can view available connectors. Connectors are the bridges Identity Security Cloud uses to communicate with and aggregate data from sources. For example, if it is necessary to set up a connection between Identity Security Cloud and the Active Directory source, a connector can bridge the two and enable Identity Security Cloud to synchronize data between the systems. This ensures account entitlements and states are correct throughout the organization. In Identity Security Cloud, administrators can use the Connections drop-down menu and select Sources to view the available source connectors. Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about the connectors available in Identity Security Cloud. Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about the SaaS custom connectors that do not need VAs (virtual appliances) to communicate with their sources. Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/index.html) for more information about using connectors in Identity Security Cloud. - name: Global Tenant Security Settings description: | Use this API to implement and customize global tenant security settings. With this functionality in place, administrators can manage the global security settings that a tenant/org has. This API can be used to configure the networks and Geographies allowed to access Identity Security Cloud URLs. - name: Identity Profiles description: | Use this API to implement identity profile functionality. With this functionality in place, administrators can view identity profiles and their configurations. Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. In Identity Security Cloud, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. This list shows some details about each identity profile, along with its status. They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles. - name: Lifecycle States description: | Use this API to implement and customize lifecycle state functionality. With this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have. A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with Identity Security Cloud: 'Active' and 'Inactive.' When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. Administrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas. Administrators must define the criteria for being in each lifecycle state, and they must define how Identity Security Cloud manages users' access to apps and sources for each lifecycle state. In Identity Security Cloud, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state. In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: - Enable/disable the lifecycle state for the identity profile. - Enable/disable source accounts for the identity profile's lifecycle state. - Add existing access profiles to grant to the identity profiles in that lifecycle state. - Create a new access profile to grant to the identity profile in that lifecycle state. Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states. During scheduled refreshes, Identity Security Cloud evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. If the identities are missing access, Identity Security Cloud provisions that access. Administrators can also use the 'Provisioning' tab to configure email notifications for Identity Security Cloud to send whenever an identity with that identity profile has a lifecycle state change. Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so. An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states. - name: Managed Clients description: | Use this API to implement managed client functionality. With this functionality in place, administrators can modify and delete existing managed clients, create new ones, and view and make changes to their log configurations. - name: Managed Clusters description: | Use this API to implement managed cluster functionality. With this functionality in place, administrators can modify and delete existing managed clients, get their statuses, and create new ones. - name: MFA Configuration description: Configure and test multifactor authentication (MFA) methods - name: MFA Controller description: This API used for multifactor authentication functionality belong to gov-multi-auth service. This controller allow you to verify authentication by specified method - name: Non-Employee Lifecycle Management description: | Use this API to implement non-employee lifecycle management functionality. With this functionality in place, administrators can create non-employee records and configure them for use in their organizations. This allows organizations to provide secure access to non-employees and control that access. The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. Organizations can track non-employees' access and activity in Identity Security Cloud by creating and maintaining non-employee sources. Organizations can have a maximum of 50 non-employee sources. By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following: - SailPoint is not responsible for storing sensitive data. You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in Identity Security Cloud. - You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts. To manage non-employees in Identity Security Cloud, administrators must create a non-employee source and add accounts to the source. To create a non-employee source in Identity Security Cloud, administrators must use the Admin panel to go to Connections > Sources. They must then specify 'Non-Employee' in the 'Source Type' field. Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources. To add accounts to a non-employee source in Identity Security Cloud, administrators can select the non-employee source and add the accounts. They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources. Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management. - name: OAuth Clients description: | Use this API to implement OAuth client functionality. With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the Identity Security Cloud REST API. Refer to [Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information about OAuth and how it works with the Identity Security Cloud REST API. - name: Password Configuration description: | Use this API to implement organization password configuration functionality. With this functionality in place, organization administrators can create organization-specific password configurations. These configurations include details like custom password instructions, as well as digit token length and duration. Refer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality. - name: Password Dictionary description: | Use this API to implement password dictionary functionality. With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. A password dictionary is a list of words or characters that users are prevented from including in their passwords. This can help protect users from themselves and force them to create passwords that are not easy to break. A password dictionary must meet the following requirements to for the API to handle them correctly: - It must be in .txt format. - All characters must be UTF-8 characters. - Each line must contain a single word or character with no spaces or whitespace characters. - It must contain at least one line other than the locale string. - Each line must not exceed 128 characters. - The file must not exceed 2500 lines. Administrators should also consider the following when they create their dictionaries: - Lines starting with a # represent comments. - All words in the password dictionary are case-insensitive. For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord. - The dictionary uses substring matching. For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring. Users can then select 'Change Password' to update their passwords. Administrators must do the following to create a password dictionary: - Create the text file that will contain the prohibited password values. - If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode` The languageCode value refers to the language's 2-letter ISO 639-1 code. The countryCode value refers to the country's 2-letter ISO 3166-1 code. Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes. - Upload the .txt file to Identity Security Cloud with [Update Password Dictionary](https://developer.sailpoint.com/docs/api/v3/put-password-dictionary). Uploading a new file always overwrites the previous dictionary file. Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it. Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries. - name: Password Management description: | Use this API to implement password management functionality. With this functionality in place, users can manage their identity passwords for all their applications. In Identity Security Cloud, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. Password Manager lists the user's identity's applications, possibly grouped to share passwords. Users can then select 'Change Password' to update their passwords. Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. Password Manager may list the applications and sources in the following groups: - Password Group: This refers to a group of applications that share a password. For example, a user can use the same password for Google Drive, Google Mail, and YouTube. Updating the password for the password group updates the password for all its included applications. - Multi-Application Source: This refers to a source with multiple applications that share a password. For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. Updating the password for the multi-application source updates the password for all its included applications. - Applications: These are applications that do not share passwords with other applications. An organization may require some authentication for users to update their passwords. Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates. Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management. - name: Password Policies description: | Use these APIs to implement password policies functionality. These APIs allow you to define the policy parameters for choosing passwords. IdentityNow comes with a default policy that you can modify to define the password requirements your users must meet to log in to IdentityNow, such as requiring a minimum password length, including special characters, and disallowing certain patterns. If you have licensed Password Management, you can create additional password policies beyond the default one to manage passwords for supported sources in your org. In the Identity Security Cloud Admin panel, administrators can use the Password Mgmt dropdown menu to select Sync Groups. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/pwd_policies/pwd_policies.html) for more information about password policies. - name: Password Sync Groups description: | Use this API to implement password sync group functionality. With this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password. This allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually. A password sync group is a group of applications that shares a password. Administrators create these groups by grouping the applications' sources. For example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password. A user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually. The following are required for administrators to create a password sync group in Identity Security Cloud: - At least two direct connect sources connected to Identity Security Cloud and configured for Password Management. - Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources. - At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/pwd_policies/index.html) for more information about password policies. In the Admin panel in Identity Security Cloud, administrators can use the Password Mgmt dropdown menu to select Sync Groups. To create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group. Administrators can also delete sync groups in Identity Security Cloud, but they should know the following before they do: - Passwords related to the associated sources will become independent, so changing one will not change the others anymore. - Passwords for the sources' connected applications will also become independent. - Password policies assigned to the sync group are then assigned directly to the associated sources. To change the password policy for a source, administrators must edit it directly. Once the password sync group has been created, users can update the password for the group in Password Manager. Refer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups. - name: Personal Access Tokens description: | Use this API to implement personal access token (PAT) functionality. With this functionality in place, users can use PATs as an alternative to passwords for authentication in Identity Security Cloud. PATs embed user information into the client ID and secret. This replaces the API clients' need to store and provide a username and password to establish a connection, improving Identity Security Cloud organizations' integration security. In Identity Security Cloud, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. They must then provide a description about the token's purpose. They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/api_keys.html?h=token#generating-a-personal-access-token) for more information about PATs. - name: Public Identities description: | Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/docs/api/v3/public-identities-config/) to enable non-administrators to view identities' publicly visible attributes. With this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public. This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. - name: Public Identities Config description: | Use this API to implement public identity configuration functionality. With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. This can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc. Administrators can use this API to make those necessary identity attributes public to non-administrators. For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/docs/api/v3/update-public-identity-config/) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information. - name: Reports Data Extraction description: | Use this API to implement reports lifecycle managing and monitoring. With this functionality in place, users can run reports, view their results, and cancel reports in progress. This can be potentially helpful for auditing purposes. - name: Requestable Objects description: | Use this API to implement requestable object functionality. With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/docs/api/v3/access-requests/), along with their statuses. This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available. - name: Roles description: | Use this API to implement and customize role functionality. With this functionality in place, administrators can create roles and configure them for use throughout Identity Security Cloud. Identity Security Cloud can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks. Entitlements represent the most granular level of access in Identity Security Cloud. Access profiles represent the next level and often group entitlements. Roles represent the broadest level of access and often group access profiles. For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source. When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. Roles often represent positions within organizations. For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need. In Identity Security Cloud, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. Administrators can enable and disable the role, and they can also make the following configurations: - Manage Access: Manage the role's access by adding or removing access profiles. - Define Assignment: Define the criteria Identity Security Cloud uses to assign the role to identities. Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. Use the second, 'Identity List,' to specify the identities for assignment. - Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. Do not configure a role to be requestable without establishing a secure access request approval process for that role first. Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/access/roles.html) for more information about roles. - name: Saved Search description: | Use this API to implement saved search functionality. With saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them. Search queries in Identity Security Cloud can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries. It also opens the possibility to configure Identity Security Cloud to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources. Refer to [Scheduled Search](https://developer.sailpoint.com/docs/api/v3/scheduled-search/) for more information about running saved searches on a schedule. In Identity Security Cloud, users can save searches under a name, and then they can access that saved search and run it again when they want. Refer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them. - name: Scheduled Search description: | Use this API to implement scheduled search functionality. With scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and Identity Security Cloud emails them the search results. Users can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves. One of the greatest benefits of saving searches is the ability to run those searches on a schedule. This is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources. For example, the manager Amanda Ross can schedule a saved search "manager.name:amanda.ross AND attributes.location:austin" on a schedule to regularly stay aware of changes with the Austin employees reporting to her. Identity Security Cloud emails her the search results when the search runs, so she can work on other tasks instead of actively running this search. In Identity Security Cloud, scheduling a search involves a subscription. Users can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time). The user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails. By default, subscriptions exclude detailed results from the emails, for security purposes. Including detailed results about user access in an email may expose sensitive information. However, the subscription creator can choose to include the information in the emails. By default, Identity Security Cloud sends emails to the subscribers even when the searches do not return new results. However, the subscription creator can choose to suppress these empty emails. Users can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run. A saved search can have up to 10 subscriptions configured at a time. The subscription creator can enable, disable, or delete the subscription. Refer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them. - name: Search description: | Use this API to implement search functionality. With search functionality in place, users can search their tenants for nearly any information from throughout their organizations. Identity Security Cloud enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. Its search goes through all those sources and finds the results quickly and specifically. The search query is flexible - it can be very broad or very narrow. The search only returns results for searchable objects it is filtering for. The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator." Users can further narrow their results by using Identity Security Cloud's specific syntax and punctuation to structure their queries. For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross. Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. Refer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about Identity Security Cloud's search and its different possibilities. The search feature uses Elasticsearch as a datastore and query engine. The power of Elasticsearch makes this feature suitable for ad-hoc reporting. However, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch. This ingestion process introduces a latency from when the operational data is created to when it is available in search. Depending on the system load, this can take a few seconds to a few minutes. Please keep this latency in mind when you use search. - name: Search Attribute Configuration description: | Use this API to implement search attribute configuration functionality, along with [Search](https://developer.sailpoint.com/docs/api/v3/search). With this functionality in place, administrators can create custom search attributes that and run extended searches based on those attributes to further narrow down their searches and get the information and insights they want. Identity Security Cloud (ISC) enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. Its search goes through all those sources and finds the results quickly and specifically. The search query is flexible - it can be very broad or very narrow. The search only returns results for searchable objects it is filtering for. The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator." Users can further narrow their results by using ISC's specific syntax and punctuation to structure their queries. For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross. Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. Refer to [Search Attribute Configuration](https://developer.sailpoint.com/docs/extensibility/rules/rule-utility/#configuration-of-search-attributes-within-identity-security-cloud) for more information about ISC's search and its different possibilities. With Search Attribute Configuration, administrators can create, manage, and run searches based on the attributes they want to search. - name: Segments description: | Use this API to implement and customize access request segment functionality. With this functionality in place, administrators can create and manage access request segments. Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access. Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments. For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location. The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items. In Identity Security Cloud, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page. This page lists all the existing access request segments, along with their statuses, enabled or disabled. Administrators can use this page to create, edit, enable, disable, and delete segments. To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access. These items can be access profiles, roles, or entitlements. When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items. Refer to [Managing Access Request Segments](https://documentation.sailpoint.com/saas/help/requests/segments.html) for more information about segments in Identity Security Cloud. - name: Service Desk Integration description: | Use this API to build an integration between Identity Security Cloud and a service desk ITSM (IT service management) solution. Once an administrator builds this integration between Identity Security Cloud and a service desk, users can use Identity Security Cloud to raise and track tickets that are synchronized between Identity Security Cloud and the service desk. In Identity Security Cloud, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.' To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in Identity Security Cloud. Administrators can create various service desk integrations, all with their own nuances. The following service desk integrations are available: - [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html) - [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html) - [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html) - [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html) - [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) - [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html) - [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html) - name: SOD Policies description: | Use this API to implement and manage "separation of duties" (SOD) policies. With SOD policy functionality in place, administrators can organize the access in their tenants to prevent individuals from gaining conflicting or excessive access. "Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data. For example, people who record monetary transactions shouldn't be able to issue payment for those transactions. Any changes to major system configurations should be approved by someone other than the person requesting the change. Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants. These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access. To create SOD policies in Identity Security Cloud, administrators use 'Search' and then access 'Policies'. To create a policy, they must configure two lists of access items. Each access item can only be added to one of the two lists. They can search for the entitlements they want to add to these access lists. >Note: You can have a maximum of 500 policies of any type (including general policies) in your organization. In each access-based SOD policy, you can have a maximum of 50 entitlements in each access list. Once a SOD policy is in place, if an identity has access items on both lists, a SOD violation will trigger. These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy. The other users can then better help to enforce these SOD policies. To create a subscription to a SOD policy in Identity Security Cloud, administrators use 'Search' and then access 'Layers'. They can create a subscription to the policy and schedule it to run at a regular interval. Refer to [Managing Policies](https://documentation.sailpoint.com/saas/help/sod/manage-policies.html) for more information about SOD policies. Refer to [Subscribe to a SOD Policy](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html#subscribe-to-an-sod-policy) for more information about SOD policy subscriptions. - name: SOD Violations description: | Use this API to check for current "separation of duties" (SOD) policy violations as well as potential future SOD policy violations. With SOD violation functionality in place, administrators can get information about current SOD policy violations and predict whether an access change will trigger new violations, which helps to prevent them from occurring at all. "Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data. For example, people who record monetary transactions shouldn't be able to issue payment for those transactions. Any changes to major system configurations should be approved by someone other than the person requesting the change. Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants. These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access. Once a SOD policy is in place, if an identity has conflicting access items, a SOD violation will trigger. These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy. The other users can then better help to enforce these SOD policies. Administrators can use the SOD violations APIs to check a set of identities for any current SOD violations, and they can use them to check whether adding an access item would potentially trigger a SOD violation. This second option is a good way to prevent SOD violations from triggering at all. Refer to [Handling Policy Violations](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html) for more information about SOD policy violations. - name: Source Usages description: | Use this API to implement source usage insight functionality. With this functionality in place, administrators can gather information and insights about how their tenants' sources are being used. This allows organizations to get the information they need to start optimizing and securing source usage. - name: Sources description: | Use this API to implement and customize source functionality. With source functionality in place, organizations can use Identity Security Cloud to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. [Sources](https://documentation.sailpoint.com/saas/help/sources/index.html) refer to the Identity Security Cloud representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example. Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. Connecting these sources to Identity Security Cloud makes it possible to manage user access across them all. Then, if a new hire starts at an organization, Identity Security Cloud can grant the new hire access to all the sources they need. If an employee moves to a new department and needs access to new sources but no longer needs access to others, Identity Security Cloud can grant the necessary access and revoke the unnecessary access for all the employee's various sources. If an employee leaves the company, Identity Security Cloud can revoke access to all the employee's various source accounts immediately. These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. In Identity Security Cloud, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so. They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups. Admins go to Connections > Sources to see a list of the existing source representations in their organizations. They can create new sources or select existing ones. To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type. Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. Identity Security Cloud connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in. Different sources use different connectors to share data with Identity Security Cloud, and each connector's setup process is specific to that connector. SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors. Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. Refer to the following links for more information about two useful connectors: - [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity). - [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. When admins select existing sources, they can view the following information about the source: - Associated connections (any associated identity profiles, apps, or references to the source in a transform). - Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources. - Associated entitlements (sets of access rights on sources). - Associated access profiles (groupings of entitlements). The user account data and the entitlements update with each data aggregation from the source. Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their Identity Security Cloud tenants so an access change on a source is detected quickly in Identity Security Cloud. Admins can view a history of these aggregations, and they can also run manual imports. Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. Admins can also make changes to determine which user account data Identity Security Cloud collects from the source and how it correlates that account data with identity data. To define which account attributes the source shares with Identity Security Cloud, admins can edit the account schema on the source. Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities. Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform. Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/index.html#deleting-sources) for more information about deleting sources. Well organized, mapped out connections between sources and Identity Security Cloud are essential to achieving comprehensive identity access governance across all the source systems organizations need. Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/index.html) for more information about all the different things admins can do with sources once they are connected. - name: Tagged Objects description: | Use this API to implement object tagging functionality. With object tagging functionality in place, any user in an organization can use tags as a way to group objects together and find them more quickly when the user searches Identity Security Cloud. In Identity Security Cloud, users can search their tenants for information and add tags objects they find. Tagging an object provides users with a way of grouping objects together and makes it easier to find these objects in the future. For example, if a user is searching for an entitlement that grants a risky level of access to Active Directory, it's possible that the user may have to search through hundreds of entitlements to find the correct one. Once the user finds that entitlement, the user can add a tag to the entitlement, "AD_RISKY" to make it easier to find the entitlement again. The user can add the same tag to multiple objects the user wants to group together for an easy future search, and the user can also do so in bulk. When the user wants to find that tagged entitlement again, the user can search for "tags:AD_RISKY" to find all objects with that tag. With the API, you can tag even more different object types than you can in Identity Security Cloud (access profiles, entitlements, identities, and roles). You can use the API to tag all these objects: - Access profiles - Applications - Certification campaigns - Entitlements - Identities - Roles - SOD (separation of duties) policies - Sources You can also use the API to directly find, create, and manage tagged objects without using search queries. There are limits to tags: - You can have up to 500 different tags in your tenant. - You can apply up to 30 tags to one object. - You can have up to 10,000 tag associations, pairings of 1 tag to 1 object, in your tenant. Because of these limits, it is recommended that you work with your governance experts and security teams to establish a list of tags that are most expressive of governance objects and access managed by Identity Security Cloud. These are the types of information often expressed in tags: - Affected departments - Compliance and regulatory categories - Remediation urgency levels - Risk levels Refer to [Tagging Items in Search](https://documentation.sailpoint.com/saas/help/search/index.html?h=tags#tagging-items-in-search) for more information about tagging objects in Identity Security Cloud. - name: Transforms description: | The purpose of this API is to expose functionality for the manipulation of Transform objects. Transforms are a form of configurable objects which define an easy way to manipulate attribute data without having to write code. Refer to [Transforms](https://developer.sailpoint.com/docs/extensibility/transforms/) for more information about transforms. - name: Work Items description: | Use this API to implement work item functionality. With this functionality in place, users can manage their work items (tasks). Work items refer to the tasks users see in Identity Security Cloud's Task Manager. They can see the pending work items they need to complete, as well as the work items they have already completed. Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. Once the user completes the work item, the work item will be listed with his or her other completed work items. To complete work items, users can use their dashboards and select the 'My Tasks' widget. The widget will list any work items they need to complete, and they can select the work item from the list to review its details. When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete. - name: Workflows description: | Workflows allow administrators to create custom automation scripts directly within Identity Security Cloud. These automation scripts respond to [event triggers](https://developer.sailpoint.com/docs/extensibility/event-triggers/#how-to-get-started-with-event-triggers) and perform a series of actions to perform tasks that are either too cumbersome or not available in the Identity Security Cloud UI. Workflows can be configured via a graphical user interface within Identity Security Cloud, or by creating and uploading a JSON formatted script to the Workflow service. The Workflows API collection provides the necessary functionality to create, manage, and test your workflows via REST. paths: /access-profiles: get: operationId: listAccessProfiles tags: - Access Profiles summary: List access profiles description: |- Get a list of access profiles. >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. parameters: - in: query name: for-subadmin schema: type: string description: |- Filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN identity. The value of the parameter is either an identity ID or the special value **me**, which is shorthand for the calling identity's ID. If you specify an identity that isn't a subadmin, the API returns a 400 Bad Request error. example: 8c190e6787aa4ed9a90bd9d5344523fb required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Supported composite operators are *and, or* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. example: name eq "SailPoint Support" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false - in: query name: for-segment-ids schema: type: string format: comma-separated description: |- Filters access profiles to only those assigned to the segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d required: false - in: query name: include-unsegmented schema: type: boolean default: true description: Indicates whether the response list should contain unsegmented access profiles. If `for-segment-ids` is absent or empty, specifying *include-unsegmented* as `false` results in an error. example: false required: false responses: '200': description: List of access profiles. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN post: operationId: createAccessProfile tags: - Access Profiles summary: Create access profile description: |- Create an access profile. A user with `ROLE_SUBADMIN` or `SOURCE_SUBADMIN` authority must be associated with the access profile's source. The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles. However, any new access profiles as well as any updates to existing descriptions are limited to 2000 characters. >**Note:** To use this endpoint, you need all the listed scopes. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessProfile' responses: '201': description: Access profile created. content: application/json: schema: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage - idn:entitlement:read - idn:identity:read - idn:sources:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-profiles/{id}: get: operationId: getAccessProfile tags: - Access Profiles summary: Get an access profile description: This API returns an Access Profile by its ID. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string description: ID of the Access Profile example: 2c9180837ca6693d017ca8d097500149 responses: '200': description: An AccessProfile content: application/json: schema: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN patch: operationId: patchAccessProfile tags: - Access Profiles summary: Patch a specified access profile description: |- This API updates an existing Access Profile. The following fields are patchable: **name** **description** **enabled** **owner** **requestable** **accessRequestConfig** **revokeRequestConfig** **segments** **entitlements** **provisioningCriteria** **source** (must be updated with entitlements belonging to new source in the same API call) If you need to change the `source` of the access profile, you can do so only if you update the `entitlements` in the same API call. The new entitlements can only come from the target source that you want to change to. Look for the example "Replace Source" in the examples dropdown. A user with SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer. > The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. > You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source. parameters: - name: id in: path description: ID of the Access Profile to patch required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string example: 2c91808a7813090a017814121919ecca requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Add Entitlements: description: Add one or more entitlements to the end of the list value: - op: add path: /entitlements value: - id: 2c9180857725c14301772a93bb77242d type: ENTITLEMENT name: AD User Group Insert Entitlement: description: Add an entitlement at the beginning of the entitlement list value: - op: add path: /entitlements/0 value: id: 2c9180857725c14301772a93bb77242d type: ENTITLEMENT name: AD User Group Replace Entitlements: description: Replace all entitlements with a new list of entitlements value: - op: replace path: /entitlements value: - id: 2c9180857725c14301772a93bb77242d type: ENTITLEMENT name: AD User Group Remove Entitlement: description: Remove the first entitlement in the list value: - op: remove path: /entitlements/0 Replace Source: description: Change the source and the entitlements of the access profile value: - op: replace path: /source value: id: 2c9180887671ff8c01767b4671fb7d5e type: SOURCE name: Employees - op: replace path: /entitlements value: - id: 2c9180877677453d01767b4b08f63386 type: ENTITLEMENT name: DevRel required: true responses: '200': description: Responds with the Access Profile as updated. content: application/json: schema: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN delete: operationId: deleteAccessProfile tags: - Access Profiles summary: Delete the specified access profile description: |- This API deletes an existing Access Profile. The Access Profile must not be in use, for example, Access Profile can not be deleted if they belong to an Application, Life Cycle State or a Role. If it is, a 400 error is returned. A user with SOURCE_SUBADMIN must be able to administer the Source associated with the Access Profile. parameters: - name: id in: path description: ID of the Access Profile to delete required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string example: 2c91808a7813090a017814121919ecca responses: '204': $ref: '#/components/responses/204' '400': description: Returned when an access profile cannot be deleted as it's being used. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.2.1.0 Object in use by another: description: Returned when an access profile cannot be deleted as it's being used value: detailCode: 400.2.1.0 Object in use by another trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3 messages: - locale: en-US localeOrigin: DEFAULT text: The "testAccessProfile" access profile can't be deleted because it's in use. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-profiles/bulk-delete: post: operationId: deleteAccessProfilesInBulk summary: Delete access profile(s) tags: - Access Profiles description: |- This endpoint initiates a bulk deletion of one or more access profiles. When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information. This endpoint can only bulk delete up to a limit of 50 access profiles per request. By default, if any of the indicated access profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will be deleted. A SOURCE_SUBADMIN user can only use this endpoint to delete access profiles associated with sources they're able to administer. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkDeleteRequest' example: bestEffortOnly: true accessProfileIds: - 2c91808876438bb2017668b91919ecca - 2c91808876438ba801766e129f151816 responses: '200': description: Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use. content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkDeleteResponse' example: pending: [] inUse: - accessProfileId: 2c91808876438ba801766e129f151816 usages: - type: Role id: 2c9180887643764201766e9f6e121518 '202': description: Returned if at least one deletion will be performed. content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkDeleteResponse' example: taskId: 2c91808a7813090a01781412a1119a20 pending: - 2c91808a7813090a017813fe1919ecca inUse: - accessProfileId: 2c91808876438ba801766e129f151816 usages: - type: Role id: 2c9180887643764201766e9f6e121518 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-profiles/{id}/entitlements: get: operationId: getAccessProfileEntitlements tags: - Access Profiles summary: List access profile's entitlements description: |- Use this API to get a list of an access profile's entitlements. A SOURCE_SUBADMIN user must have access to the source associated with the specified access profile. >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. parameters: - name: id in: path description: ID of the access profile containing the entitlements. required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string example: 2c91808a7813090a017814121919ecca - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **attribute**: *eq, sw* **value**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **source.id**: *eq, in* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. example: attribute eq "memberOf" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, attribute, value, created, modified** example: name,-modified required: false responses: '200': description: List of entitlements. content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-requests: post: operationId: createAccessRequest security: - userAuth: - idn:access-request:manage x-sailpoint-userLevels: - ORG_ADMIN - USER summary: Submit access request tags: - Access Requests description: | Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes. :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token’s user context. ::: Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn't return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected. It's best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren't requesting access that is already granted. If you use this API to request access that an identity already has, without changing the account details or end date information from the existing assignment, the API will cancel the request as a duplicate. There are two types of access request: __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options. * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field 'requestedForWithRequestedItems' for users to specify account selections while requesting items where they have more than one account on the source. :::caution If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits. ::: __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning. * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time. * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of 'assignmentId' and 'nativeIdentity' fields. These fields should be used within the 'requestedItems' section for the revoke requests. * Usage of 'requestedForWithRequestedItems' field is not supported for revoke requests. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequest' responses: '202': description: Access Request Response. content: application/json: schema: $ref: '#/components/schemas/AccessRequestResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-requests/cancel: post: operationId: cancelAccessRequest security: - userAuth: - idn:access-request:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Access Requests summary: Cancel access request description: |- This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step. In addition to users with ORG_ADMIN, any user who originally submitted the access request may cancel it. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CancelAccessRequest' example: accountActivityId: 2c91808568c529c60168cca6f90c1313 comment: I requested this role by mistake. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-config: get: operationId: getAccessRequestConfig security: - userAuth: - idn:access-request-config:read summary: Get access request configuration tags: - Access Requests description: This endpoint returns the current access-request configuration. responses: '200': description: Access Request Configuration Details. content: application/json: schema: $ref: '#/components/schemas/AccessRequestConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setAccessRequestConfig security: - userAuth: - idn:access-request-config:manage x-sailpoint-userLevels: - ORG_ADMIN summary: Update access request configuration tags: - Access Requests description: This endpoint replaces the current access-request configuration. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestConfig' responses: '200': description: Access Request Configuration Details. content: application/json: schema: $ref: '#/components/schemas/AccessRequestConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-status: get: operationId: listAccessRequestStatus security: - userAuth: - idn:access-request-status:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Access Requests summary: Access request status description: |- Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request. These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users. parameters: - in: query name: requested-for schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false - in: query name: requested-by schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false - in: query name: regarding-identity schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. required: false - in: query name: assigned-to schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user. required: false - in: query name: count description: If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored. required: false schema: type: boolean default: false example: false - in: query name: limit description: Max number of results to return. required: false schema: type: integer format: int32 minimum: 0 maximum: 250 default: 250 example: 100 - in: query name: offset description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified. required: false schema: type: integer format: int32 minimum: 0 example: 10 - in: query name: filters schema: type: string example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **accessRequestId**: *eq, ge, gt, le, lt, ne, sw* **accountActivityItemId**: *eq, in, ge, gt, le, ne, sw* **created**: *eq, ge, gt, le, lt, ne* required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified, accountActivityItemId, name** example: created required: false - in: query name: request-state schema: type: string example: request-state=EXECUTING description: Filter the results by the state of the request. The only valid value is *EXECUTING*. required: false responses: '200': description: List of requested item statuses. content: application/json: schema: type: array items: $ref: '#/components/schemas/RequestedItemStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/pending: get: operationId: listPendingApprovals security: - userAuth: - idn:access-request-approvals:read x-sailpoint-userLevels: - ORG_ADMIN summary: Pending access request approvals list tags: - Access Request Approvals description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info. parameters: - in: query name: owner-id schema: type: string description: |- If present, the value returns only pending approvals for the specified identity. * ORG_ADMIN users can call this with any identity ID value. * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. example: 2c91808568c529c60168cca6f90c1313 required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **requestedFor.id**: *eq, in* **modified**: *gt, lt, ge, le, eq, in* **accessRequestId**: *eq, in* **created**: *gt, lt, ge, le, eq, in* example: id eq "2c91808568c529c60168cca6f90c1313" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified** example: modified responses: '200': description: List of Pending Approvals. content: application/json: schema: type: array items: $ref: '#/components/schemas/PendingApproval' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/completed: get: operationId: listCompletedApprovals summary: Completed access request approvals list tags: - Access Request Approvals description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info. security: - userAuth: - idn:access-request-approvals:read parameters: - in: query name: owner-id required: false schema: type: string description: |- If present, the value returns only completed approvals for the specified identity. * ORG_ADMIN users can call this with any identity ID value. * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. example: 2c91808568c529c60168cca6f90c1313 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **requestedFor.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **modified**: *gt, lt, ge, le, eq, in, ne, sw* example: id eq "2c91808568c529c60168cca6f90c1313" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified** example: modified responses: '200': description: List of Completed Approvals. content: application/json: schema: type: array items: $ref: '#/components/schemas/CompletedApproval' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/{approvalId}/approve: post: operationId: approveAccessRequest security: - userAuth: - idn:access-request-approvals:manage x-sailpoint-userLevels: - ORG_ADMIN - APPROVAL_OWNER summary: Approve access request approval tags: - Access Request Approvals description: Use this endpoint to approve an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. parameters: - in: path name: approvalId schema: type: string required: true x-sailpoint-resource-operation-id: listPendingApprovals description: Approval ID. example: 2c91808b7294bea301729568c68c002e requestBody: description: Reviewer's comment. required: false content: application/json: schema: $ref: '#/components/schemas/CommentDto' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/{approvalId}/reject: post: operationId: rejectAccessRequest summary: Reject access request approval tags: - Access Request Approvals description: Use this API to reject an access request approval. Only the owner of the approval and admin users are allowed to perform this action. parameters: - in: path name: approvalId schema: type: string required: true x-sailpoint-resource-operation-id: listPendingApprovals description: Approval ID. example: 2c91808b7294bea301729568c68c002e requestBody: description: Reviewer's comment. required: true content: application/json: schema: $ref: '#/components/schemas/CommentDto' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-request-approvals:manage /access-request-approvals/{approvalId}/forward: post: operationId: forwardAccessRequest summary: Forward access request approval tags: - Access Request Approvals description: Use this API to forward an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. parameters: - in: path name: approvalId schema: type: string required: true x-sailpoint-resource-operation-id: listPendingApprovals description: Approval ID. example: 2c91808b7294bea301729568c68c002e requestBody: description: Information about the forwarded approval. required: true content: application/json: schema: $ref: '#/components/schemas/ForwardApprovalDto' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-request-approvals:manage /access-request-approvals/approval-summary: get: operationId: getAccessRequestApprovalSummary security: - userAuth: - idn:access-request-approvals:read summary: Get access requests approvals number tags: - Access Request Approvals description: Use this API to return the number of pending, approved and rejected access requests approvals. See the "owner-id" query parameter for authorization information. info. parameters: - in: query name: owner-id schema: type: string description: |- The ID of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity. * ORG_ADMIN users can call this with any identity ID value. * ORG_ADMIN user can also fetch all the approvals in the org, when owner-id is not used. * Non ORG_ADMIN users can only specify *me* or pass their own identity ID value. example: 2c91808568c529c60168cca6f90c1313 required: false - in: query name: from-date schema: type: string description: This is the date and time the results will be shown from. It must be in a valid ISO-8601 format. example: from-date=2020-03-19T19:59:11Z required: false responses: '200': description: Number of pending, approved, rejected access request approvals. content: application/json: schema: $ref: '#/components/schemas/ApprovalSummary' '400': description: Client Error - Returned if the query parameter is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts: get: operationId: listAccounts tags: - Accounts summary: Accounts list description: 'List accounts. ' security: - userAuth: - idn:accounts:read - idn:accounts:manage - applicationAuth: - idn:accounts:read - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: detailLevel required: false schema: type: string enum: - SLIM - FULL description: This value determines whether the API provides `SLIM` or increased level of detail (`FULL`) for each account in the returned list. `FULL` is the default behavior. example: FULL - in: query name: filters required: false schema: type: string example: identityId eq "2c9180858082150f0180893dbaf44201" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **identityId**: *eq, in, sw* **name**: *eq, in, sw* **nativeIdentity**: *eq, in, sw* **hasEntitlements**: *eq* **sourceId**: *eq, in, sw* **uncorrelated**: *eq* **entitlements**: *eq* **origin**: *eq, in* **manuallyCorrelated**: *eq* **identity.name**: *eq, in, sw* **identity.correlated**: *eq* **identity.identityState**: *eq, in* **source.displayableName**: *eq, in* **source.authoritative**: *eq* **source.connectionType**: *eq, in* **recommendation.method**: *eq, in, isnull* **created**: *eq, ge, gt, le, lt* **modified**: *eq, ge, gt, le, lt* - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, nativeIdentity, uuid, manuallyCorrelated, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType** responses: '200': description: List of account objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/Account' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createAccount tags: - Accounts summary: Create account description: | Submit an account creation task - the API then returns the task ID. You must include the `sourceId` where the account will be created in the `attributes` object. This endpoint creates an account on the source record in your ISC tenant. This is useful for Flat File (`DelimitedFile`) type sources because it allows you to aggregate new accounts without needing to import a new CSV file every time. However, if you use this endpoint to create an account for a Direct Connection type source, you must ensure that the account also exists on the target source. The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant. By providing the account ID of an existing account in the request body, this API will function as a PATCH operation and update the account. security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountAttributesCreate' responses: '202': description: Async task details. content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}: get: operationId: getAccount tags: - Accounts summary: Account details description: 'Use this API to return the details for a single account by its ID. ' security: - userAuth: - idn:accounts:read - idn:accounts:manage - applicationAuth: - idn:accounts:read - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Account object. content: application/json: schema: $ref: '#/components/schemas/Account' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateAccount tags: - Accounts summary: Update account description: | Use this API to update account details. This API supports updating an account's correlation by modifying the `identityId` and `manuallyCorrelated` fields. To reassign an account from one identity to another, replace the current `identityId` with a new value. If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account for the previous identity as soon as the account is moved. If the account you're assigning is authoritative, this causes the previous identity to become uncorrelated and can even result in its deletion. All accounts that are reassigned will be set to `manuallyCorrelated: true` unless you specify otherwise. >**Note:** The `attributes` field can only be modified for flat file accounts. security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: type: object examples: Uncorrelate account: description: Remove account from Identity value: - op: remove path: /identityId Reassign account: description: Move account from one Identity to another Identity value: - op: replace path: /identityId value: 2c9180857725c14301772a93bb77242d Add account attribute: description: Add flat file account's attribute value: - op: add path: /attributes/familyName value: Smith Replace account attribute: description: Replace flat file account's attribute value: - op: replace path: /attributes/familyName value: Smith Remove account attribute: description: Remove flat file account's attribute value: - op: remove path: /attributes/familyName responses: '202': description: Accepted. Update request accepted and is in progress. $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putAccount tags: - Accounts summary: Update account description: | Use this API to update an account with a PUT request. This endpoint submits an account update task and returns the task ID. >**Note: You can only use this PUT endpoint to update accounts from flat file sources.** security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountAttributes' responses: '202': description: Async task details. content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteAccount tags: - Accounts summary: Delete account description: |- Use this API to delete an account. This endpoint submits an account delete task and returns the task ID. This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you [disable accounts](https://developer.sailpoint.com/idn/api/v3/disable-account) rather than delete them. This will also allow you to reenable the accounts in the future. >**NOTE: You can only delete accounts from sources of the "DelimitedFile" type.** security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Async task details. content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/entitlements: get: operationId: getAccountEntitlements tags: - Accounts summary: Account entitlements description: 'This API returns entitlements of the account. ' security: - userAuth: - idn:accounts:read - idn:accounts:manage - applicationAuth: - idn:accounts:read - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An array of account entitlements content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/reload: post: operationId: submitReloadAccount tags: - Accounts summary: Reload account description: 'This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. ' security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/enable: post: operationId: enableAccount tags: - Accounts summary: Enable account description: 'This API submits a task to enable account and returns the task ID. ' security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountToggleRequest' responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/disable: post: operationId: disableAccount tags: - Accounts summary: Disable account description: 'This API submits a task to disable the account and returns the task ID. ' security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpont-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountToggleRequest' responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/unlock: post: operationId: unlockAccount tags: - Accounts summary: Unlock account description: |- This API submits a task to unlock an account and returns the task ID. To use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required. security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountUnlockRequest' responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/search-attribute-config: post: operationId: createSearchAttributeConfig security: - userAuth: - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Search Attribute Configuration summary: Create extended search attributes description: |- Create and configure extended search attributes. This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create the attribute promotion configuration in the Link ObjectConfig. >**Note: Give searchable attributes unique names. Do not give them the same names used for account attributes or source attributes. Also, do not give them the same names present in account schema for a current or future source, regardless of whether that source is included in the searchable attributes' `applicationAttributes`.** requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SearchAttributeConfig' example: name: newMailAttribute displayName: New Mail Attribute applicationAttributes: 2c9180866166b5b0016167c32ef31a66: mail 2c9180866166b5b0016167c32ef31a67: mail responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: getSearchAttributeConfig security: - userAuth: - idn:account-config:read - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Search Attribute Configuration summary: List extended search attributes description: Get a list of attribute/application attributes currently configured in Identity Security Cloud (ISC). parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' responses: '200': description: List of attribute configurations in IdentityNow. content: application/json: schema: type: array items: $ref: '#/components/schemas/SearchAttributeConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/search-attribute-config/{name}: get: operationId: getSingleSearchAttributeConfig security: - userAuth: - idn:account-config:read - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Search Attribute Configuration summary: Get extended search attribute description: Get an extended attribute configuration by name. parameters: - name: name in: path description: Name of the extended search attribute configuration to retrieve. required: true x-sailpoint-resource-operation-id: getSearchAttributeConfig schema: type: string example: newMailAttribute responses: '200': description: Specific attribute configuration in ISC. content: application/json: schema: type: array items: $ref: '#/components/schemas/SearchAttributeConfig' '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSearchAttributeConfig security: - userAuth: - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Search Attribute Configuration summary: Delete extended search attribute description: Delete an extended attribute configuration by name. parameters: - name: name in: path description: Name of the extended search attribute configuration to delete. required: true x-sailpoint-resource-operation-id: getSearchAttributeConfig schema: type: string example: newMailAttribute responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchSearchAttributeConfig security: - userAuth: - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Search Attribute Configuration summary: Update extended search attribute description: |- Update an existing search attribute configuration. You can patch these fields: * name * displayName * applicationAttributes parameters: - name: name in: path description: Name of the search attribute configuration to patch. required: true x-sailpoint-resource-operation-id: getSearchAttributeConfig schema: type: string example: promotedMailAttribute requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: newAttributeName - op: replace path: /displayName value: new attribute display name - op: add path: /applicationAttributes value: 2c91808b79fd2422017a0b35d30f3968: employeeNumber required: true responses: '200': description: The updated search attribute configuration. content: application/json: schema: $ref: '#/components/schemas/SearchAttributeConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /account-activities: get: operationId: listAccountActivities tags: - Account Activities summary: List account activities description: This gets a collection of account activities that satisfy the given query parameters. parameters: - in: query name: requested-for schema: type: string description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false example: 2c91808568c529c60168cca6f90c1313 - in: query name: requested-by schema: type: string description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false example: 2c91808568c529c60168cca6f90c1313 - in: query name: regarding-identity schema: type: string description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. required: false example: 2c91808568c529c60168cca6f90c1313 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **type**: *eq, in, ge, le, lt, ne, isnull, sw* **created**: *gt, lt, ge, le, eq, in, ne, isnull, sw* **modified**: *gt, lt, ge, le, eq, in, ne, isnull, sw* example: type eq "Identity Refresh" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **type, created, modified** example: created required: false responses: '200': description: List of account activities content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountActivity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /account-activities/{id}: get: operationId: getAccountActivity tags: - Account Activities summary: Get an account activity description: This gets a single account activity by its id. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccountActivities description: The account activity id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An account activity object content: application/json: schema: $ref: '#/components/schemas/AccountActivity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-org/network-config: get: operationId: getAuthOrgNetworkConfig tags: - Global Tenant Security Settings summary: Get security network configuration. description: This API returns the details of an org's network auth configuration. security: - userAuth: - sp:auth-org:read - applicationAuth: - sp:auth-org:read responses: '200': description: Network configuration for the tenant's auth org. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createAuthOrgNetworkConfig tags: - Global Tenant Security Settings summary: Create security network configuration. description: 'This API returns the details of an org''s network auth configuration. Requires security scope of: ''sp:auth-org:manage''' security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage requestBody: required: true description: |- Network configuration creation request body. The following constraints ensure the request body conforms to certain logical guidelines, which are: 1. Each string element in the range array must be a valid ip address or ip subnet mask. 2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' responses: '200': description: Network configuration for the tenant. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthOrgNetworkConfig tags: - Global Tenant Security Settings summary: Update security network configuration. description: |- This API updates an existing network configuration for an org using PATCH Requires security scope of: 'sp:auth-org:manage' security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage requestBody: required: true description: |- A list of auth org network configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Network Config conforms to certain logical guidelines, which are: 1. Each string element in the range array must be a valid ip address or ip subnet mask. 2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /whitelisted value: false, - op: add path: /geolocation value: - AF - HN - ES responses: '200': description: Updated Auth Org network configuration. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-org/lockout-config: get: operationId: getAuthOrgLockoutConfig tags: - Global Tenant Security Settings summary: Get auth org lockout configuration. description: This API returns the details of an org's lockout auth configuration. security: - userAuth: - sp:auth-org:read - applicationAuth: - sp:auth-org:read responses: '200': description: Lockout configuration for the tenant's auth org. content: application/json: schema: $ref: '#/components/schemas/LockoutConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthOrgLockoutConfig tags: - Global Tenant Security Settings summary: Update auth org lockout configuration description: | This API updates an existing lockout configuration for an org using PATCH security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK requestBody: required: true description: |- A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are: `1. maximumAttempts >= 1 && maximumAttempts <= 15 2. lockoutDuration >= 5 && lockoutDuration <= 60 3. lockoutWindow >= 5 && lockoutDuration <= 60` content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /maximumAttempts value: 7, - op: add path: /lockoutDuration value: 35 responses: '200': description: Updated Auth Org lockout configuration. content: application/json: schema: $ref: '#/components/schemas/LockoutConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-org/service-provider-config: get: operationId: getAuthOrgServiceProviderConfig tags: - Global Tenant Security Settings summary: Get service provider configuration. description: This API returns the details of an org's service provider auth configuration. responses: '200': description: Service provider configuration for the tenant. content: application/json: schema: $ref: '#/components/schemas/ServiceProviderConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - 'sp:auth-org:read ' - applicationAuth: - 'sp:auth-org:read ' patch: operationId: patchAuthOrgServiceProviderConfig tags: - Global Tenant Security Settings summary: Update service provider configuration description: This API updates an existing service provider configuration for an org using PATCH. requestBody: required: true description: |- A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are: 1. Do not add or remove any elements in the federation protocol details in the service provider configuration. 2. Do not modify, add, or delete the service provider details element in the federation protocol details. 3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails. 4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID. 5. Any JIT configuration update must be valid. Just in time configuration update must be valid when enabled. This includes: - A Source ID - Source attribute mappings - Source attribute maps have all the required key values (firstName, lastName, email) content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /enabled value: true, - op: add path: /federationProtocolDetails/0/jitConfiguration value: enabled: true sourceId: 2c9180857377ed2901739c12a2da5ac8 sourceAttributeMappings: firstName: okta.firstName lastName: okta.lastName email: okta.email employeeNumber: okta.employeeNumber responses: '200': description: Auth Org Service Provider configuration updated. content: application/json: schema: $ref: '#/components/schemas/ServiceProviderConfiguration' '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: firstName is required; accountName is required; 400.1.3 Illegal value: description: Response for Illegal value value: detailCode: 400.1.3 Illegal value trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: JIT source id is invalid. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage /auth-org/session-config: get: operationId: getAuthOrgSessionConfig tags: - Global Tenant Security Settings summary: Get auth org session configuration. description: This API returns the details of an org's session auth configuration. security: - userAuth: - sp:auth-org:read - applicationAuth: - sp:auth-org:read responses: '200': description: Session configuration for the tenant's auth org. content: application/json: schema: $ref: '#/components/schemas/SessionConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthOrgSessionConfig tags: - Global Tenant Security Settings summary: Update auth org session configuration description: This API updates an existing session configuration for an org using PATCH. security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK requestBody: required: true description: | A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Session Config conforms to certain logical guidelines, which are: `1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week) 2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day) 3. maxSessionTime must have a greater duration than maxIdleTime.` content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /rememberMe value: true, - op: add path: /maxSessionTime value: 480 responses: '200': description: Updated Auth Org session configuration. content: application/json: schema: $ref: '#/components/schemas/SessionConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-users/{id}: get: operationId: getAuthUser tags: - Auth Users summary: Auth user details description: Return the specified user's authentication system details. parameters: - in: path name: id description: Identity ID required: true x-sailpoint-resource-operation-id: listIdentities schema: type: string example: ef38f94347e94562b5bb8424a56397d8 security: - userAuth: - sp:auth-user:read responses: '200': description: The specified user's authentication system details. content: application/json: schema: $ref: '#/components/schemas/AuthUser' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthUser tags: - Auth Users summary: Auth user update description: |- Use a PATCH request to update an existing user in the authentication system. Use this endpoint to modify these fields: * `capabilities` A '400.1.1 Illegal update attempt' detail code indicates that you attempted to PATCH a field that is not allowed. security: - userAuth: - sp:auth-user:manage parameters: - in: path name: id description: Identity ID required: true x-sailpoint-resource-operation-id: listIdentities schema: type: string example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /capabilities value: - ORG_ADMIN responses: '200': description: Auth user updated. content: application/json: schema: $ref: '#/components/schemas/AuthUser' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /brandings: get: operationId: getBrandingList tags: - Branding summary: List of branding items description: This API endpoint returns a list of branding items. security: - userAuth: - idn:branding:read - applicationAuth: - idn:branding:read x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: A list of branding items. content: application/json: schema: type: array items: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createBrandingItem tags: - Branding summary: Create a branding item description: This API endpoint creates a branding item. requestBody: required: true content: multipart/form-data: schema: $ref: '#/components/schemas/BrandingItemCreate' security: - userAuth: - idn:branding:manage - applicationAuth: - idn:branding:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '201': description: Branding item created content: application/json: schema: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /brandings/{name}: get: operationId: getBranding tags: - Branding summary: Get a branding item description: 'This API endpoint retrieves information for an existing branding item by name. ' security: - userAuth: - idn:branding:read - applicationAuth: - idn:branding:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: name schema: type: string required: true x-sailpoint-resource-operation-id: getBrandingList description: The name of the branding item to be retrieved example: default responses: '200': description: A branding item object content: application/json: schema: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setBrandingItem tags: - Branding summary: Update a branding item description: This API endpoint updates information for an existing branding item. parameters: - in: path name: name schema: type: string required: true x-sailpoint-resource-operation-id: getBrandingList description: The name of the branding item to be retrieved example: default requestBody: required: true content: multipart/form-data: schema: $ref: '#/components/schemas/BrandingItemCreate' security: - userAuth: - idn:branding:manage - applicationAuth: - idn:branding:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: Branding item updated content: application/json: schema: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteBranding tags: - Branding summary: Delete a branding item description: 'This API endpoint delete information for an existing branding item by name. ' security: - userAuth: - idn:branding:manage - applicationAuth: - idn:branding:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: name schema: type: string required: true x-sailpoint-resource-operation-id: getBrandingList description: The name of the branding item to be deleted example: default responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns: get: operationId: getActiveCampaigns tags: - Certification Campaigns summary: List campaigns description: | Use this API to get a list of campaigns. This API can provide increased level of detail for each campaign for the correct provided query. security: - userAuth: - idn:campaign:read - idn:campaign:manage - idn:campaign-report:read - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: query name: detail schema: type: string enum: - SLIM - FULL required: false description: Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior. example: FULL - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **status**: *eq, in* example: name eq "Manager Campaign" - in: query name: sorters schema: type: string format: comma-separated required: false description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created** example: name responses: '200': description: A list of campaign objects. By default list of SLIM campaigns is returned. content: application/json: schema: type: array items: anyOf: - $ref: '#/components/schemas/Campaign-2' - $ref: '#/components/schemas/SlimCampaign' examples: Slim Campaign: $ref: '#/components/examples/SlimCampaigns' Full Campaign: $ref: '#/components/examples/FullCampaigns' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createCampaign tags: - Certification Campaigns summary: Create a campaign description: | Use this API to create a certification campaign with the information provided in the request body. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Campaign-2' examples: Manager: $ref: '#/components/examples/CreateCampaignManager' Search: $ref: '#/components/examples/CreateCampaignSearch' Source Owner: $ref: '#/components/examples/CreateCampaignSourceOwner' Role Composition: $ref: '#/components/examples/CreateCampaignRoleComposition' Machine Account: $ref: '#/components/examples/CreateCampaignMachineAccount' responses: '202': description: This response indicates that the requested campaign has been successfully accepted into the system, and its representation is returned by the API. content: application/json: schema: $ref: '#/components/schemas/Campaign-2' examples: Manager: $ref: '#/components/examples/FullCampaignManager' Search: $ref: '#/components/examples/FullCampaignSearch' Source Owner: $ref: '#/components/examples/FullCampaignSourceOwner' Role Composition: $ref: '#/components/examples/FullCampaignRoleComposition' Machine Account Owner: $ref: '#/components/examples/FullCampaignMachineAccount' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}: get: operationId: getCampaign tags: - Certification Campaigns summary: Get campaign description: | Use this API to get information for an existing certification campaign by the campaign's ID. security: - userAuth: - idn:campaign:read - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign to be retrieved. example: 2c91808571bcfcf80171c23e4b4221fc - in: query name: detail schema: type: string enum: - SLIM - FULL required: false description: Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior. example: FULL responses: '200': description: Requested campaign object. content: application/json: schema: anyOf: - $ref: '#/components/schemas/SlimCampaign' - $ref: '#/components/schemas/Campaign-2' examples: Manager: $ref: '#/components/examples/SlimCampaignManager' Search: $ref: '#/components/examples/SlimCampaignSearch' Source Owner: $ref: '#/components/examples/SlimCampaignSourceOwner' RoleComposition: $ref: '#/components/examples/SlimCampaignRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateCampaign tags: - Certification Campaigns summary: Update a campaign description: | Use this API to update individual fields on a certification campaign, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. security: - userAuth: - idn:campaign:read - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign template being modified. example: 2c91808571bcfcf80171c23e4b4221fc requestBody: required: true description: | A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The fields that can be patched differ based on the status of the campaign. When the campaign is in the *STAGED* status, you can patch these fields: * name * description * recommendationsEnabled * deadline * emailNotificationEnabled * autoRevokeAllowed When the campaign is in the *ACTIVE* status, you can patch these fields: * deadline content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: This field has been updated! - op: copy from: /name path: /description responses: '200': description: This response indicates that the PATCH operation succeeded, and the API returns the campaign's new representation. content: application/json: schema: $ref: '#/components/schemas/SlimCampaign' examples: Manager: $ref: '#/components/examples/SlimCampaignManager' Search: $ref: '#/components/examples/SlimCampaignSearch' Source Owner: $ref: '#/components/examples/SlimCampaignSourceOwner' RoleComposition: $ref: '#/components/examples/SlimCampaignRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/reassign: post: security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN operationId: move tags: - Certification Campaigns summary: Reassign certifications description: | This API reassigns the specified certifications from one identity to another. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: The certification campaign ID example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AdminReviewReassign' responses: '202': description: The reassign task that has been submitted. content: application/json: schema: $ref: '#/components/schemas/CertificationTask' example: id: 2c918086719eec070171a7e3355a360a type: ADMIN_REASSIGN targetType: CAMPAIGN targetId: 2c918086719eec070171a7e3355a834c status: QUEUED errors: [] created: '2020-09-24T18:10:47.693Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/activate: post: operationId: startCampaign tags: - Certification Campaigns summary: Activate a campaign description: | Use this API to submit a job to activate the certified campaign with the specified ID. The campaign must be staged. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: description: Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller's timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format. required: false content: application/json: schema: $ref: '#/components/schemas/ActivateCampaignOptions' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: Campaign ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/complete: post: operationId: completeCampaign tags: - Certification Campaigns summary: Complete a campaign description: | :::caution This endpoint will run successfully for any campaigns that are **past due**. This endpoint will return a content error if the campaign is **not past due**. ::: Use this API to complete a certification campaign. This functionality is provided to admins so that they can complete a certification even if all items have not been completed. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: description: Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE required: false content: application/json: schema: $ref: '#/components/schemas/CampaignCompleteOptions' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: Campaign ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/delete: post: operationId: deleteCampaigns tags: - Certification Campaigns summary: Delete campaigns description: | Use this API to delete certification campaigns whose IDs are specified in the provided list of campaign IDs. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: description: IDs of the campaigns to delete. required: true content: application/json: schema: $ref: '#/components/schemas/CampaignsDeleteRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/run-remediation-scan: post: operationId: startCampaignRemediationScan tags: - Certification Campaigns summary: Run campaign remediation scan description: | Use this API to run a remediation scan task for a certification campaign. security: - userAuth: - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: path name: id schema: type: string example: 2c91808571bcfcf80171c23e4b4221fc required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign the remediation scan is being run for. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/reports: get: operationId: getCampaignReports tags: - Certification Campaigns summary: Get campaign reports description: | Use this API to fetch all reports for a certification campaign by campaign ID. security: - userAuth: - idn:campaign-report:read - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: path name: id schema: type: string example: 2c91808571bcfcf80171c23e4b4221fc required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign whose reports are being fetched. responses: '200': description: Array of campaign report objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/CampaignReport' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/run-report/{type}: post: operationId: startCampaignReport tags: - Certification Campaigns summary: Run campaign report description: | Use this API to run a report for a certification campaign. security: - userAuth: - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: path name: id schema: type: string example: 2c91808571bcfcf80171c23e4b4221fc required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign the report is being run for. - in: path name: type schema: $ref: '#/components/schemas/ReportType' required: true description: Type of the report to run. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/reports-configuration: get: operationId: getCampaignReportsConfig tags: - Certification Campaigns summary: Get campaign reports configuration description: | Use this API to fetch the configuration for certification campaign reports. The configuration includes only one element - identity attributes defined as custom report columns. security: - userAuth: - idn:campaign:read - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN responses: '200': description: Campaign report configuration. content: application/json: schema: $ref: '#/components/schemas/CampaignReportsConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setCampaignReportsConfig tags: - Certification Campaigns summary: Set campaign reports configuration description: | Use this API to overwrite the configuration for campaign reports. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: required: true description: Campaign report configuration. content: application/json: schema: $ref: '#/components/schemas/CampaignReportsConfig' responses: '200': description: The persisted campaign report configuration. content: application/json: schema: $ref: '#/components/schemas/CampaignReportsConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-filters: post: operationId: createCampaignFilter tags: - Certification Campaign Filters summary: Create campaign filter description: Use this API to create a campaign filter based on filter details and criteria. security: - userAuth: - idn:campaign-filter:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' responses: '200': description: Created successfully. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listCampaignFilters tags: - Certification Campaign Filters summary: List campaign filters description: Use this API to list all campaign filters. You can reduce scope with standard V3 query parameters. security: - userAuth: - idn:campaign-filter:manage parameters: - $ref: '#/components/parameters/limit' - in: query name: start description: Start/Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 0 schema: type: integer format: int32 minimum: 0 default: 0 - in: query name: includeSystemFilters description: 'If this is true, the API includes system filters in the count and results. Otherwise it excludes them. If no value is provided, the default is true. ' required: false example: true schema: type: boolean default: true responses: '200': description: List of campaign filter objects. content: application/json: schema: type: object properties: items: type: array description: List of campaign filters. items: $ref: '#/components/schemas/CampaignFilterDetails' count: type: integer description: Number of filters returned. example: 2 example: items: - id: 5b8a2ba86393dd174495c4436dd76b25 name: IdentityAttribute Inclusion Campaign Filter description: IdentityAttribute Inclusion Campaign Filter owner: SailPoint Support mode: INCLUSION criteriaList: - type: IDENTITY_ATTRIBUTE property: displayName value: '#' operation: CONTAINS negateResult: false shortCircuit: false recordChildMatches: false id: null suppressMatchedItems: false children: null isSystemFilter: false - id: e9f9a1397b842fd5a65842087040d3ac name: Exclusion Campaign Filter description: Campaign filter for Exclusion update owner: SailPoint Support mode: EXCLUSION criteriaList: - type: IDENTITY_ATTRIBUTE property: displayName value: '#@' operation: CONTAINS negateResult: false shortCircuit: false recordChildMatches: false id: null suppressMatchedItems: false children: null isSystemFilter: false count: 2 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-filters/{id}: get: operationId: getCampaignFilterById tags: - Certification Campaign Filters summary: Get campaign filter by id description: Retrieves information for an existing campaign filter using the filter's ID. security: - userAuth: - idn:campaign-filter:read parameters: - in: path name: id schema: type: string example: e9f9a1397b842fd5a65842087040d3ac required: true x-sailpoint-resource-operation-id: listCampaignFilters description: The ID of the campaign filter to be retrieved. responses: '200': description: A campaign filter object. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: updateCampaignFilter tags: - Certification Campaign Filters summary: Updates a campaign filter description: Updates an existing campaign filter using the filter's ID. security: - userAuth: - idn:campaign-filter:manage parameters: - in: path name: filterId schema: type: string example: e9f9a1397b842fd5a65842087040d3ac required: true x-sailpoint-resource-operation-id: listCampaignFilters description: The ID of the campaign filter being modified. requestBody: required: true description: A campaign filter details with updated field values. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' responses: '200': description: Created successfully. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-filters/delete: post: operationId: deleteCampaignFilters tags: - Certification Campaign Filters summary: Deletes campaign filters description: Deletes campaign filters whose Ids are specified in the provided list of campaign filter Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN. security: - userAuth: - idn:campaign-filter:manage requestBody: description: A json list of IDs of campaign filters to delete. required: true content: application/json: schema: type: array items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 - 2efb374d392c4d88a34sv7b11e8a4eq6 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates: post: operationId: createCampaignTemplate tags: - Certification Campaigns summary: Create a campaign template description: | Use this API to create a certification campaign template based on campaign. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CreateCampaignTemplateManager' Search: $ref: '#/components/examples/CreateCampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CreateCampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CreateCampaignTemplateRoleComposition' responses: '200': description: Created successfully. content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CampaignTemplateManager' Search: $ref: '#/components/examples/CampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CampaignTemplateRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: getCampaignTemplates tags: - Certification Campaigns summary: List campaign templates description: | Use this API to get a list of all campaign templates. Scope can be reduced through standard V3 query params. The API returns all campaign templates matching the query parameters. security: - userAuth: - idn:campaign-template:read - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name - in: query name: filters schema: type: string format: comma-separated description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *eq, ge, gt, in, le, lt, ne, sw* **id**: *eq, ge, gt, in, le, lt, ne, sw* example: name eq "manager template" responses: '200': description: List of campaign template objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/CampaignTemplate' example: - id: e7dbec99d49349c8951bd84f58a05120 name: Manager Review created: '2022-08-02T19:16:42.632Z' modified: null description: A review of everyone's access by their manager. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Manager Review description: Review everyone's access. deadline: null type: MANAGER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS - id: b7e6459eed5247ac8b98a5fed81fe27f name: Reporting Access Review created: '2022-07-28T19:19:40.035Z' modified: null description: A review of everyone's access to the reporting system. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: ACCESS description: Identities with reporting abilities reviewerId: null reviewer: null query: '@access(name: ("reporter"))' identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Search Campaign description: Review everyone's access to the reporting system. deadline: null type: SEARCH status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS - id: b9f41bc69e7a4291b9de0630396d030d name: Campaign With Admin Role created: '2022-08-02T13:40:36.857Z' modified: null description: Campaign With Admin Role deadlineDuration: null ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: null sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Campaign With Admin Role description: Campaign With Admin Role deadline: null type: ROLE_COMPOSITION status: null emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS - id: b9f41bc69e7a4291b9de0630396d030d name: AD Source Review created: '2022-08-02T13:40:36.857Z' modified: null description: A review of our AD source. deadlineDuration: P1M ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: sourceIds: - 2c918084707deba501709d45ce4e5569 searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: AD Source Review description: Review everyone's access. deadline: null type: SOURCE_OWNER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates/{id}: patch: operationId: patchCampaignTemplate tags: - Certification Campaigns summary: Update a campaign template description: | Use this API to update individual fields on a certification campaign template, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template being modified. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true description: | A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * deadlineDuration * campaign (all fields that are allowed during create) content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /description value: Updated description! - op: replace path: /campaign/filter/id value: ff80818155fe8c080155fe8d925b0316 responses: '200': description: This response indicates that the PATCH operation succeeded, and the API returns the template's new representation. content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CampaignTemplateManager' Search: $ref: '#/components/examples/CampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CampaignTemplateRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: getCampaignTemplate tags: - Certification Campaigns summary: Get a campaign template description: | Use this API to fetch a certification campaign template by ID. security: - userAuth: - idn:campaign-template:read - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: Requested campaign template's ID. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Data for the campaign matching the given ID. content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CampaignTemplateManager' Search: $ref: '#/components/examples/CampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CampaignTemplateRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteCampaignTemplate tags: - Certification Campaigns summary: Delete a campaign template description: | Use this API to delete a certification campaign template by ID. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template being deleted. example: 2c9180835d191a86015d28455b4a2329 responses: '204': $ref: '#/components/responses/204' description: The campaign template was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates/{id}/schedule: get: operationId: getCampaignTemplateSchedule tags: - Certification Campaigns summary: Get campaign template schedule description: | Use this API to get the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. security: - userAuth: - idn:campaign-temlates:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template whose schedule is being fetched. example: 04bedce387bd47b2ae1f86eb0bb36dee responses: '200': description: Current schedule for the campaign template. See the [Set Campaign Template Schedule endpoint documentation](https://developer.sailpoint.com/docs/api/v3/set-campaign-template-schedule) for more examples. content: application/json: schema: $ref: '#/components/schemas/Schedule-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setCampaignTemplateSchedule tags: - Certification Campaigns summary: Set campaign template schedule description: | Use this API to set the schedule for a certification campaign template. If a schedule already exists, the API overwrites it with the new one. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template being scheduled. example: 04bedce387bd47b2ae1f86eb0bb36dee requestBody: content: application/json: schema: $ref: '#/components/schemas/Schedule-2' examples: Monthly: description: Runs on the 15th and last day of the month, at 5PM. value: type: MONTHLY hours: type: LIST values: - '17' days: type: LIST values: - '15' Once a year: description: Runs every January 1st at midnight. value: type: ANNUALLY hours: type: LIST values: - '0' days: type: LIST values: - '--01-01' Quarterly: description: Runs once a quarter (every 3 months) on the first of the month at 1AM. value: type: ANNUALLY hours: type: LIST values: - '1' days: type: LIST values: - '1' months: type: LIST values: - '1' interval: 3 Yearly on Specific Days: description: Runs on March 12 and December 5 at 1AM, every year. value: type: ANNUALLY hours: type: LIST values: - '1' days: type: LIST values: - '--03-12' - '--12-05' On a Specific Date: description: Runs at 1AM on February 18th, 2020 value: type: CALENDAR hours: type: LIST values: - '1' days: type: LIST values: - '2020-02-18' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteCampaignTemplateSchedule tags: - Certification Campaigns summary: Delete campaign template schedule description: | Use this API to delete the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template whose schedule is being deleted. example: 04bedce387bd47b2ae1f86eb0bb36dee responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates/{id}/generate: post: operationId: startGenerateCampaignTemplate tags: - Certification Campaigns summary: Generate a campaign from template security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: | Use this API to generate a new certification campaign from a campaign template. The campaign object contained in the template has special formatting applied to its name and description fields that determine the generated campaign's name/description. Placeholders in those fields are formatted with the current date and time upon generation. Placeholders consist of a percent sign followed by a letter indicating what should be inserted. For example, "%Y" inserts the current year, and a campaign template named "Campaign for %y" generates a campaign called "Campaign for 2020" (assuming the year at generation time is 2020). Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html). parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template to use for generation. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: This response indicates that a campaign was successfully generated from this template, and the API returns a reference to the new campaign. content: application/json: schema: $ref: '#/components/schemas/CampaignReference' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications: get: operationId: listIdentityCertifications tags: - Certifications summary: List identity campaign certifications description: Use this API to get a list of identity campaign certifications for the specified query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. parameters: - in: query name: reviewer-identity schema: type: string example: me description: Reviewer's identity. *me* indicates the current user. required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **campaign.id**: *eq, in* **phase**: *eq* **completed**: *eq* - in: query name: sorters required: false schema: type: string format: comma-separated example: name,due description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, due, signed** responses: '200': description: List of identity campaign certifications. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:campaign:read /certifications/{id}: get: operationId: getIdentityCertification tags: - Certifications summary: Identity certification by id security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a single identity campaign certification by its ID. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An identity campaign certification object content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/access-review-items: get: operationId: listIdentityAccessReviewItems tags: - Certifications summary: List of access review items security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a list of access review items for an identity campaign certification. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query required: false name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **type**: *eq* **access.type**: *eq* **completed**: *eq, ne* **identitySummary.id**: *eq, in* **identitySummary.name**: *eq, sw* **access.id**: *eq, in* **access.name**: *eq, sw* **entitlement.sourceName**: *eq, sw* **accessProfile.sourceName**: *eq, sw* example: id eq "ef38f94347e94562b5bb8424a56397d8" - in: query name: sorters required: false schema: type: string format: comma-separated example: access.name,-accessProfile.sourceName description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName** - in: query name: entitlements required: false schema: type: string example: identityEntitlement description: |- Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs. An error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time. - in: query name: access-profiles required: false schema: type: string example: accessProfile1 description: |- Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs. An error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time. - in: query name: roles required: false schema: type: string example: userRole description: |- Filter results to view access review items that pertain to any of the specified comma-separated role IDs. An error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time. responses: '200': description: A list of access review items content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessReviewItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/decide: post: operationId: makeIdentityDecision tags: - Certifications summary: Decide on a certification item security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: The API makes a decision to approve or revoke one or more identity campaign certification items. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The ID of the identity campaign certification on which to make decisions example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: A non-empty array of decisions to be made. content: application/json: schema: type: array items: $ref: '#/components/schemas/ReviewDecision' minItems: 1 maxItems: 250 example: - id: ef38f94347e94562b5bb8424a56396b5 decision: APPROVE bulk: true comments: This user still needs access to this source. - id: ef38f94347e94562b5bb8424a56397d8 decision: APPROVE bulk: true comments: This user still needs access to this source too. responses: '200': description: An identity campaign certification object content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/reassign: post: operationId: reassignIdentityCertifications tags: - Certifications summary: Reassign identities or items description: This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ReviewReassign' responses: '200': description: An identity campaign certification details after completing the reassignment. content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:campaign:manage /certifications/{id}/sign-off: post: operationId: signOffIdentityCertification tags: - Certifications summary: Finalize identity certification decisions security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An identity campaign certification object content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/decision-summary: get: operationId: getIdentityDecisionSummary tags: - Certification Summaries summary: Summary of certification decisions security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. Reviewers for this certification can also call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: query name: filters required: false schema: type: string example: identitySummary.id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **identitySummary.id**: *eq, in* responses: '200': description: Summary of the decisions made content: application/json: schema: $ref: '#/components/schemas/IdentityCertDecisionSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/identity-summaries: get: operationId: getIdentitySummaries tags: - Certification Summaries summary: Identity summaries for campaign certification security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a list of the identity summaries for a specific identity campaign certification. Reviewers for this certification can also call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **completed**: *eq, ne* **name**: *eq, sw* - in: query name: sorters required: false schema: type: string format: comma-separated example: name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** responses: '200': description: List of identity summaries content: application/json: schema: type: array items: $ref: '#/components/schemas/CertificationIdentitySummary' example: - id: 2c91808772a504f50172a9540e501ba7 name: Aaron Grey identityId: 2c9180857182306001719937379633e4 completed: false - id: 2c91808772a504f50172a9540e501ba8 name: Aglae Wilson identityId: 2c9180857182306001719937377a33de completed: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/access-summaries/{type}: get: operationId: getIdentityAccessSummaries tags: - Certification Summaries summary: Access summaries description: This API returns a list of access summaries for the specified identity campaign certification and type. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: path name: type schema: type: string enum: - ROLE - ACCESS_PROFILE - ENTITLEMENT required: true description: The type of access review item to retrieve summaries for example: ACCESS_PROFILE - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: access.id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **completed**: *eq, ne* **access.id**: *eq, in* **access.name**: *eq, sw* **entitlement.sourceName**: *eq, sw* **accessProfile.sourceName**: *eq, sw* - in: query name: sorters required: false schema: type: string format: comma-separated example: access.name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **access.name** responses: '200': description: List of access summaries content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessSummary' example: - access: type: ENTITLEMENT id: 2c9180857182305e01719937429e2bad name: CN=Engineering entitlement: id: 2c9180857182305e01719937429e2bad name: CN=Engineering description: Access to the engineering database privileged: false owner: email: brandon.gray@acme-solar.com type: IDENTITY id: 2c9180867160846801719932c5153fb7 name: Brandon Gray attributeName: memberOf attributeValue: CN=Engineering sourceName: ODS-AD-Source hasPermissions: true revocable: true containsDataAccess: true dataAccess: policies: - value: GDPR-1 - value: GDPR-2 categories: - value: email-7 matchCount: 74 - value: email-9 matchCount: 30 impactScore: value: Medium '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/identity-summaries/{identitySummaryId}: get: operationId: getIdentitySummary tags: - Certification Summaries summary: Summary for identity security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns the summary for an identity on a specified identity campaign certification. Reviewers for this certification can also call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: path name: identitySummaryId schema: type: string required: true x-sailpoint-resource-operation-id: getIdentitySummaries description: The identity summary ID example: 2c91808772a504f50172a9540e501ba8 responses: '200': description: An identity summary content: application/json: schema: $ref: '#/components/schemas/CertificationIdentitySummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{certificationId}/access-review-items/{itemId}/permissions: get: operationId: getIdentityCertificationItemPermissions tags: - Certifications summary: Permissions for entitlement certification item description: This API returns the permissions associated with an entitlement certification item based on the certification item's ID. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **target**: *eq, sw* **rights**: *ca* Supported composite operators: *and, or* All field values (second filter operands) are case-insensitive for this API. Only a single *and* or *or* composite filter operator may be used. It must also be used between a target filter and a rights filter, not between 2 filters for the same field. For example, the following is valid: `?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22` The following is invalid: 1?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)1 example: target eq "SYS.OBJAUTH2" - in: path name: certificationId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: path name: itemId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityAccessReviewItems description: The certification item ID example: 2c91808671bcbab40171bd945d961227 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: A list of permissions associated with the given itemId content: application/json: schema: type: array items: $ref: '#/components/schemas/PermissionDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/reviewers: get: operationId: listCertificationReviewers tags: - Certifications summary: List of reviewers for certification description: This API returns a list of reviewers for the certification. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification ID example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **email**: *eq, sw* example: name eq "Bob" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, email** example: name responses: '200': description: A list of reviewers content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/reassign-async: post: operationId: submitReassignCertsAsync tags: - Certifications summary: Reassign certifications asynchronously description: | This API initiates a task to reassign up to 500 identities or items in an identity campaign certification to another reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is complete. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ReviewReassign' responses: '200': description: A certification task object for the reassignment which can be queried for status. content: application/json: schema: $ref: '#/components/schemas/CertificationTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certification-tasks/{id}: get: operationId: getCertificationTask tags: - Certifications summary: Certification task by id description: This API returns the certification task for the specified ID. Reviewers for the specified certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPendingCertificationTasks description: The task ID example: 63b32151-26c0-42f4-9299-8898dc1c9daa responses: '200': description: A certification task content: application/json: schema: $ref: '#/components/schemas/CertificationTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certification-tasks: get: operationId: getPendingCertificationTasks tags: - Certifications summary: List of pending certification tasks description: This API returns a list of pending (`QUEUED` or `IN_PROGRESS`) certification tasks. Any authenticated token can call this API, but only certification tasks you are authorized to review will be returned. security: - userAuth: - idn:campaign:read parameters: - in: query name: reviewer-identity schema: type: string example: Ada.1de82e55078344 description: The ID of reviewer identity. *me* indicates the current user. required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string example: type eq "ADMIN_REASSIGN" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **targetId**: *eq, in* **type**: *eq, in* responses: '200': description: A list of pending certification tasks content: application/json: schema: type: array items: $ref: '#/components/schemas/CertificationTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}: get: operationId: getObjectMappings security: - userAuth: - sp:config-object-mapping:read - sp:config-object-mapping:manage tags: - Configuration Hub summary: Gets list of object mappings description: |- This gets a list of existing object mappings between current org and source org. Source org should be "default" when getting object mappings that are not associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:read parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org responses: '200': description: List of existing object mappings between current org and source org. content: application/json: schema: type: array items: $ref: '#/components/schemas/ObjectMappingResponse' example: - objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 objectType: GOVERNANCE_GROUP jsonPath: $.description sourceValue: Sample Governance Group targetValue: Sample Governance Group - Updated enabled: true created: '2024-03-19T23:18:53.732Z' modified: '2024-03-19T23:18:53.732Z' - objectMappingId: e1d5cb80-65e2-4f92-ae2e-9588f61cc4cd objectType: IDENTITY jsonPath: $.name sourceValue: SailPoint Support targetValue: john.doe enabled: false created: '2024-03-19T23:18:06.238Z' modified: '2024-03-19T23:18:06.238Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createObjectMapping security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Creates an object mapping description: |- This creates an object mapping between current org and source org. Source org should be "default" when creating an object mapping that is not to be associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org requestBody: description: The object mapping request body. required: true content: application/json: schema: $ref: '#/components/schemas/ObjectMappingRequest' example: objectType: GOVERNANCE_GROUP jsonPath: $.description sourceValue: Sample Governance Group targetValue: Sample Governance Group - Updated enabled: true responses: '200': description: The created object mapping between current org and source org. content: application/json: schema: $ref: '#/components/schemas/ObjectMappingResponse' example: objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 objectType: GOVERNANCE_GROUP jsonPath: $.description sourceValue: Sample Governance Group targetValue: Sample Governance Group - Updated enabled: true created: '2024-03-19T23:18:53.732Z' modified: '2024-03-19T23:18:53.732Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}/{objectMappingId}: delete: operationId: deleteObjectMapping security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Deletes an object mapping description: |- This deletes an existing object mapping. Source org should be "default" when deleting an object mapping that is not associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org - in: path name: objectMappingId schema: type: string required: true description: The id of the object mapping to be deleted. example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}/bulk-create: post: operationId: createObjectMappings security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Bulk creates object mappings description: |- This creates a set of object mappings (Max 25) between current org and source org. Source org should be "default" when creating object mappings that are not to be associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org requestBody: description: The bulk create object mapping request body. required: true content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkCreateRequest' example: newObjectsMappings: - objectType: SOURCE jsonPath: $.name sourceValue: Original SOURCE Name targetValue: New SOURCE Name enabled: true - objectType: IDENTITY jsonPath: $.name sourceValue: Original IDENTITY Name targetValue: 'New IDENTITY Name ' enabled: true responses: '200': description: The created object mapping between current org and source org. content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkCreateResponse' example: addedObjects: - objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d objectType: SOURCE jsonPath: $.name sourceValue: Original SOURCE Name targetValue: New SOURCE Name enabled: true created: '2024-03-25T15:50:41.314Z' modified: '2024-03-25T15:50:41.299Z' - objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971 objectType: IDENTITY jsonPath: $.name sourceValue: Original IDENTITY Name targetValue: 'New IDENTITY Name ' enabled: true created: '2024-03-25T15:50:41.316Z' modified: '2024-03-25T15:50:41.316Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}/bulk-patch: post: operationId: updateObjectMappings security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Bulk updates object mappings description: |- This updates a set of object mappings, only enabled and targetValue fields can be updated. Source org should be "default" when updating object mappings that are not associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org requestBody: description: The object mapping request body. required: true content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkPatchRequest' example: patches: 603b1a61-d03d-4ed1-864f-a508fbd1995d: - op: replace path: /enabled value: true 00bece34-f50d-4227-8878-76f620b5a971: - op: replace path: /targetValue value: New Target Value responses: '200': description: The updated object mappings. content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkPatchResponse' example: patchedObjects: - objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d objectType: SOURCE jsonPath: $.name sourceValue: Original SOURCE Name targetValue: New SOURCE Name enabled: true created: '2024-03-25T15:50:41.314Z' modified: '2024-03-25T15:50:41.299Z' - objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971 objectType: IDENTITY jsonPath: $.name sourceValue: Original IDENTITY Name targetValue: 'New IDENTITY Name ' enabled: true created: '2024-03-25T15:50:41.316Z' modified: '2024-03-25T15:50:41.316Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/backups/uploads: get: operationId: listUploadedConfigurations security: - userAuth: - sp:config-backup:read - sp:config-backup:manage tags: - Configuration Hub summary: List uploaded configurations description: This API gets a list of existing uploaded configurations for the current tenant. parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **status**: *eq* example: status eq "COMPLETE" required: false responses: '200': description: List of existing uploaded configurations. content: application/json: schema: type: array items: $ref: '#/components/schemas/BackupResponse' example: - jobId: 281d421c-0643-4004-9fe5-29a95d2f73df status: COMPLETE type: BACKUP tenant: someTenant requesterName: support fileExists: true created: '2024-03-07T21:11:00.375Z' modified: '2024-03-07T21:11:25.046Z' completed: '2024-03-07T21:11:00.66Z' name: test1 userCanDelete: false isPartial: false backupType: UPLOADED hydrationStatus: HYDRATED totalObjectCount: 64 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createUploadedConfiguration security: - userAuth: - sp:config-backup:manage tags: - Configuration Hub summary: Upload a configuration description: |- This API uploads a JSON configuration file into a tenant. Configuration files can be managed and deployed via Configuration Hub by uploading a json file which contains configuration data. The JSON file should be the same as the one used by our import endpoints. The object types supported by upload configuration file functionality are the same as the ones supported by our regular backup functionality. Refer to [SaaS Configuration](https://developer.sailpoint.com/docs/extensibility/configuration-management/saas-configuration#supported-objects) for more information about supported objects. requestBody: description: | The body will consist of "data" which should contain the json file and name wish should be the name you want to assign to the uploaded file" __Example__ data: "uploaded.json", name: "A_NEW_UPLOADED_BACKUP" __Sample Upload File__ { "version": 1, "tenant": "a-sample-tenant", "objects": [ { "version": 1, "self": { "id": "0a59c7196d2917f8aa6d29686e6600fb", "type": "SOURCE", "name": "Extended Form" }, "object": { "id": "0a59c7196d2917f8aa6d29686e6600fb", "name": "Extended Form", "type": "DelimitedFile", "connectorClass": "sailpoint.connector.DelimitedFileConnector", "connectorScriptName": "delimited-file-angularsc", "description": "Migrated app - Extended Form (original ID: 0a59c7196d2917f8aa6d29686e6600fb)", "deleteThreshold": 10, "provisionAsCsv": false, "owner": { "type": "IDENTITY", "id": "0a59c7196d2917f8816d29685fed00c3", "name": "slpt.services" }, "connectorAttributes": { "beforemoveAccount": "Do Nothing", "beforemoverAccount": "Do Nothing", "busApp": "false", "file": "Empty", "filetransport": "local", "filterEmptyRecords": "true", "group.filetransport": "local", "group.filterEmptyRecords": "true", "group.partitionMode": "auto", "hasHeader": "true", "indexColumn": "ID", "isCaseInsensitiveMerge": "false", "isSortedByIndexColumn": "false", "loaProcess": "Do Nothing", "ltdProcess": "Do Nothing", "mergeRows": "false", "moverProcess": "Do Nothing", "moverRevocation": "Do Nothing", "nativeChangeDetectionAttributeScope": "entitlements", "nativeChangeDetectionEnabled": "false", "nativeChangeProcess": "Do Nothing", "parseType": "delimited", "partitionMode": "auto", "policyType": "Do Nothing", "rehireProcess": "Do Nothing", "reverseleaverProcess": "Do Nothing", "rtwloaProcess": "Do Nothing", "rtwltdProcess": "Do Nothing", "stopIfLineHasWrongColumnLength": "false", "templateApplication": "DelimitedFile Template", "terminationProcess": "Do Nothing" }, "schemas": [], "provisioningPolicies": [], "features": [ "DIRECT_PERMISSIONS", "NO_RANDOM_ACCESS", "DISCOVER_SCHEMA" ] } } ] } required: true content: multipart/form-data: schema: type: object properties: data: type: string format: binary description: JSON file containing the objects to be imported. name: type: string description: Name that will be assigned to the uploaded configuration file. required: - data - name responses: '202': description: Upload job accepted and queued for processing. content: application/json: schema: $ref: '#/components/schemas/BackupResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/backups/uploads/{id}: get: operationId: getUploadedConfiguration security: - userAuth: - sp:config-backup:read - sp:config-backup:manage tags: - Configuration Hub summary: Get an uploaded configuration description: This API gets an existing uploaded configuration for the current tenant. parameters: - in: path name: id schema: type: string required: true description: The id of the uploaded configuration. example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b responses: '200': description: Gets an uploaded configuration details. content: application/json: schema: $ref: '#/components/schemas/BackupResponse' example: jobId: 2ea830f3-2b14-4772-8a20-3d006742e419 status: COMPLETE type: BACKUP tenant: someTenant requesterName: support fileExists: true created: '2024-02-20T22:08:31.064Z' modified: '2024-02-20T22:13:15.662Z' completed: '2024-02-20T22:08:31.689Z' name: something new userCanDelete: false isPartial: false backupType: UPLOADED hydrationStatus: HYDRATED totalObjectCount: 2 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteUploadedConfiguration security: - userAuth: - sp:config-backup:manage tags: - Configuration Hub summary: Delete an uploaded configuration description: |- This API deletes an uploaded configuration based on Id. On success, this endpoint will return an empty response. The uploaded configuration id can be obtained from the response after a successful upload, or the list uploaded configurations endpoint. parameters: - in: path name: id schema: type: string required: true description: The id of the uploaded configuration. example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /connectors/{scriptName}: get: tags: - Connectors operationId: getConnector summary: Get connector by script name description: 'Fetches a connector that using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName - in: query name: locale required: false schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" responses: '200': description: A Connector Dto object content: application/json: schema: $ref: '#/components/schemas/ConnectorDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN delete: tags: - Connectors operationId: deleteCustomConnector summary: Delete connector by script name description: Delete a custom connector that using its script name. parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName responses: '204': $ref: '#/components/responses/204' description: The custom connector was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN patch: tags: - Connectors operationId: updateConnector summary: Update connector by script name description: | This API updates a custom connector by script name using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: * connectorMetadata * applicationXml * correlationConfigXml * sourceConfigXml parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName requestBody: required: true description: | A list of connector detail update operations content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' responses: '200': description: A updated Connector Dto object content: application/json: schema: $ref: '#/components/schemas/ConnectorDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors: get: tags: - Connectors operationId: getConnectorList summary: Get connector list description: Fetches list of connectors that have 'RELEASED' status using filtering and pagination. parameters: - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw, co* **type**: *sw, co, eq* **directConnect**: *eq* **category**: *eq* **features**: *ca* **labels**: *ca* example: directConnect eq "true" - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: locale required: false schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" responses: '200': description: A Connector Dto object content: application/json: schema: type: array items: $ref: '#/components/schemas/V3ConnectorDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN post: tags: - Connectors operationId: createCustomConnector summary: Create custom connector description: 'Create custom connector. ' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/V3CreateConnectorDto' responses: '200': description: A Connector Dto object content: application/json: schema: $ref: '#/components/schemas/V3ConnectorDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors/{scriptName}/source-config: get: tags: - Connectors operationId: getConnectorSourceConfig summary: Get connector source configuration description: 'Fetches a connector''s source config using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName responses: '200': description: The connector's source template content: application/xml: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN put: tags: - Connectors operationId: putConnectorSourceConfig summary: Update connector source configuration description: 'Update a connector''s source config using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName requestBody: required: true content: multipart/form-data: schema: type: object required: - file properties: file: type: string description: connector source config xml file format: binary responses: '200': description: The connector's update detail content: application/json: schema: $ref: '#/components/schemas/UpdateDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors/{scriptName}/translations/{locale}: get: tags: - Connectors operationId: getConnectorTranslations summary: Get connector translations description: 'Fetches a connector''s translations using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName - name: locale in: path required: true schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" responses: '200': description: The connector's translations content: text/plain: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN put: tags: - Connectors operationId: putConnectorTranslations summary: Update connector translations description: 'Update a connector''s translations using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName - name: locale in: path required: true schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" requestBody: required: true content: multipart/form-data: schema: type: object responses: '200': description: The connector's update detail content: application/json: schema: $ref: '#/components/schemas/UpdateDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors/{scriptName}/source-template: get: tags: - Connectors operationId: getConnectorSourceTemplate summary: Get connector source template description: 'Fetches a connector''s source template using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName responses: '200': description: The connector's source template content: application/xml: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN put: tags: - Connectors operationId: putConnectorSourceTemplate summary: Update connector source template description: 'Update a connector''s source template using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName requestBody: required: true content: multipart/form-data: schema: type: object required: - file properties: file: type: string description: connector source template xml file format: binary responses: '200': description: The connector's update detail content: application/json: schema: $ref: '#/components/schemas/UpdateDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /identities/{identity-id}/set-lifecycle-state: post: operationId: setLifecycleState tags: - Lifecycle States summary: Set lifecycle state description: Use this API to set/update an identity's lifecycle state to the one provided and update the corresponding identity profile. security: - userAuth: - idn:identity-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-id description: ID of the identity to update. required: true x-sailpoint-resource-operation-id: listIdentities example: 2c9180857893f1290178944561990364 schema: type: string requestBody: required: true content: application/json: schema: type: object properties: lifecycleStateId: type: string description: ID of the lifecycle state to set. example: 2c9180877a86e408017a8c19fefe046c responses: '200': description: The request was successfully accepted into the system. content: application/json: schema: type: object properties: accountActivityId: type: string example: 2c9180837ab5b716017ab7c6c9ef1e20 description: ID of the IdentityRequest object that is generated when the workflow launches. To follow the IdentityRequest, you can provide this ID with a [Get Account Activity request](https://developer.sailpoint.com/docs/api/v3/get-account-activity/). The response will contain relevant information about the IdentityRequest, such as its status. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-profiles/{identity-profile-id}/lifecycle-states: get: operationId: getLifecycleStates tags: - Lifecycle States summary: Lists lifecyclestates description: 'Use this endpoint to list all lifecycle states by their associated identity profiles. ' security: - userAuth: - idn:identity-profile-lifecycle-state:read - applicationAuth: - idn:identity-profile-lifecycle-state:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters required: false schema: type: string format: comma-separated example: created,modified description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, priority, created, modified** responses: '200': description: List of LifecycleState objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createLifecycleState tags: - Lifecycle States summary: Create lifecycle state description: Use this endpoint to create a lifecycle state. security: - userAuth: - idn:identity-profile-lifecycle-state:manage - applicationAuth: - idn:identity-profile-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 requestBody: description: Lifecycle state to be created. required: true content: application/json: schema: $ref: '#/components/schemas/LifecycleState' responses: '201': description: Created LifecycleState object. content: application/json: schema: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}: get: operationId: getLifecycleState tags: - Lifecycle States summary: Get lifecycle state description: 'Use this endpoint to get a lifecycle state by its ID and its associated identity profile ID. ' security: - userAuth: - idn:identity-profile-lifecycle-state:read - applicationAuth: - idn:identity-profile-lifecycle-state:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - in: path name: lifecycle-state-id description: Lifecycle state ID. required: true x-sailpoint-resource-operation-id: getLifecycleStates schema: type: string example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: The requested LifecycleState was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateLifecycleStates tags: - Lifecycle States summary: Update lifecycle state description: Use this endpoint to update individual lifecycle state fields, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. security: - userAuth: - idn:identity-profile-lifecycle-state:manage - applicationAuth: - idn:identity-profile-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - in: path name: lifecycle-state-id description: Lifecycle state ID. required: true x-sailpoint-resource-operation-id: getLifecycleStates schema: type: string example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields can be updated: * enabled * description * accountActions * accessProfileIds * emailNotificationOption content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /description value: Updated description! - op: replace path: /accessProfileIds value: - 2c918087742bab150174407a80f3125e - 2c918087742bab150174407a80f3124f - op: replace path: /accountActions value: - action: ENABLE sourceIds: - 2c9180846a2f82fb016a481c1b1560c5 - 2c9180846a2f82fb016a481c1b1560cc - action: DISABLE sourceIds: - 2c91808869a0c9980169a207258513fb - action: DELETE sourceIds: - 3c9180846a2f82fb016a481c1b1560c5 - 8n9180846a2f82fb016a481c1b1560cc excludeSourceIds: null allSources: false - op: replace path: /emailNotificationOption value: notifyManagers: true notifyAllAdmins: false notifySpecificUsers: false emailAddressList: [] responses: '200': description: The LifecycleState was successfully updated. content: application/json: schema: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteLifecycleState tags: - Lifecycle States summary: Delete lifecycle state description: 'Use this endpoint to delete the lifecycle state by its ID. ' security: - userAuth: - idn:identity-profile-lifecycle-state:manage - applicationAuth: - idn:identity-profile-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - in: path name: lifecycle-state-id description: Lifecycle state ID. required: true x-sailpoint-resource-operation-id: getLifecycleStates schema: type: string example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: The request was successfully accepted into the system. content: application/json: schema: $ref: '#/components/schemas/LifecyclestateDeleted' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-profiles: get: operationId: listIdentityProfiles tags: - Identity Profiles summary: List identity profiles description: Get a list of identity profiles, based on the specified query parameters. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, ne, ge, gt, in, le, sw* **name**: *eq, ne, ge, gt, in, le, sw* **priority**: *eq, ne* - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, priority, created, modified, owner.id, owner.name** responses: '200': description: List of identity profiles. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:read - applicationAuth: - idn:identity-profile:read x-sailpoint-userLevels: - ORG_ADMIN post: operationId: createIdentityProfile summary: Create identity profile description: 'Creates an identity profile. ' tags: - Identity Profiles requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' responses: '201': description: Created identity profile. content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/bulk-delete: post: operationId: deleteIdentityProfiles tags: - Identity Profiles summary: Delete identity profiles description: |- This deletes multiple Identity Profiles via a list of supplied IDs. On success, this endpoint will return a reference to the bulk delete task result. The following rights are required to access this endpoint: idn:identity-profile:delete requestBody: description: Identity Profile bulk delete request body. required: true content: application/json: schema: $ref: '#/components/schemas/IdentityProfileBulkDelete' responses: '202': description: Accepted - Returns a TaskResult object referencing the bulk delete job created. content: application/json: schema: $ref: '#/components/schemas/TaskResultSimplified' description: An object with a TaskResult reference of the bulk delete job '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/export: get: operationId: exportIdentityProfiles tags: - Identity Profiles summary: Export identity profiles description: This exports existing identity profiles in the format specified by the sp-config service. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, ne* **name**: *eq, ne* **priority**: *eq, ne* - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, priority** responses: '200': description: List of export objects with identity profiles. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProfileExportedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:read - applicationAuth: - idn:identity-profile:read /identity-profiles/import: post: operationId: importIdentityProfiles summary: Import identity profiles description: This imports previously exported identity profiles. tags: - Identity Profiles requestBody: description: Previously exported Identity Profiles. required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProfileExportedObject' responses: '200': description: The result of importing Identity Profiles. content: application/json: schema: $ref: '#/components/schemas/ObjectImportResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage /identity-profiles/identity-preview: post: operationId: showIdentityPreview tags: - Identity Profiles summary: Generate identity profile preview description: |- Use this API to generate a non-persisted preview of the identity object after applying `IdentityAttributeConfig` sent in request body. This API only allows `accountAttribute`, `reference` and `rule` transform types in the `IdentityAttributeConfig` sent in the request body. requestBody: description: Identity Preview request body. required: true content: application/json: schema: $ref: '#/components/schemas/IdentityPreviewRequest' responses: '200': description: A preview of the identity attributes after applying identity attributes config sent in request body. content: application/json: schema: $ref: '#/components/schemas/IdentityPreviewResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/{identity-profile-id}: get: operationId: getIdentityProfile tags: - Identity Profiles summary: Get identity profile description: Get a single identity profile by ID. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: Identity profile ID. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 responses: '200': description: Identity profile object. content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:read - applicationAuth: - idn:identity-profile:read x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteIdentityProfile tags: - Identity Profiles summary: Delete identity profile description: |- Delete an identity profile by ID. On success, this endpoint will return a reference to the bulk delete task result. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: Identity profile ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Accepted - Returns a TaskResult object referencing the bulk delete job created. content: application/json: schema: $ref: '#/components/schemas/TaskResultSimplified' description: An object with a TaskResult reference of the delete job. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN patch: operationId: updateIdentityProfile tags: - Identity Profiles summary: Update identity profile description: |- Update a specified identity profile with this PATCH request. You cannot update these fields: * id * created * modified * identityCount * identityRefreshRequired * Authoritative Source and Identity Attribute Configuration cannot be modified at the same time. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: Identity profile ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: List of identity profile update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: add-attribute-transform: summary: Add an attribute transform value: - op: add path: /identityAttributeConfig/attributeTransforms/0 value: identityAttributeName: location transformDefinition: type: accountAttribute attributes: sourceName: Employees attributeName: location sourceId: 2c91808878b7d63b0178c66ffcdc4ce4 responses: '200': description: Updated identity profile. content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/{identity-profile-id}/default-identity-attribute-config: get: operationId: getDefaultIdentityAttributeConfig tags: - Identity Profiles summary: Get default identity attribute config description: This returns the default identity attribute config. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: The Identity Profile ID. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 responses: '200': description: An Identity Attribute Config object. content: application/json: schema: $ref: '#/components/schemas/IdentityAttributeConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/{identity-profile-id}/process-identities: post: operationId: syncIdentityProfile tags: - Identity Profiles summary: Process identities under profile description: |- Process identities under the profile This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized. This should only be run on identity profiles that have the `identityRefreshRequired` attribute set to `true`. If `identityRefreshRequired` is false, then there is no benefit to running this operation. Typically, this operation is performed when a change is made to the identity profile or its related lifecycle states that requires a refresh. This operation will perform the following activities on all identities under the identity profile. 1. Updates identity attribute according to the identity profile mappings. 2. Determines the identity's correct manager through manager correlation. 3. Updates the identity's access according to their assigned lifecycle state. 4. Updates the identity's access based on role assignment criteria. externalDocs: description: Learn more about manually processing identities here url: https://documentation.sailpoint.com/saas/help/setup/identity_processing.html parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: The Identity Profile ID to be processed example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Accepted status after refresh has launched $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clients: get: tags: - Managed Clients summary: Get managed clients description: List managed clients. operationId: getManagedClients parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* **name**: *eq* **clientId**: *eq* **clusterId**: *eq* required: false example: name eq "client name" responses: '200': description: Response with a list of managed clients, based on the specified query parameters. content: application/json: schema: type: array items: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage - applicationAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Managed Clients summary: Create managed client description: |- Create a new managed client. The API returns a result that includes the managed client ID. operationId: createManagedClient requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ManagedClientRequest' responses: '200': description: Created managed client. content: application/json: schema: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clients/{id}: get: tags: - Managed Clients summary: Get managed client description: 'Get managed client by ID. ' operationId: getManagedClient parameters: - name: id in: path description: Managed client ID. required: true x-sailpoint-resource-operation-id: getManagedClients example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7 schema: type: string responses: '200': description: Managed client response. content: application/json: schema: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage - idn:managed-client-status:read - idn:managed-client-status:manage - applicationAuth: - idn:remote-client:read - idn:remote-client:manage - idn:managed-client-status:read - idn:managed-client-status:manage x-sailpoint-userLevels: - ORG_ADMIN patch: tags: - Managed Clients summary: Update managed client description: Update an existing managed client. operationId: updateManagedClient parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClients description: Managed client ID. example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7 requestBody: required: true description: JSONPatch payload used to update the object. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' responses: '200': description: Updated managed client. content: application/json: schema: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteManagedClient tags: - Managed Clients summary: Delete managed client description: Delete an existing managed client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClients description: Managed client ID. example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7 responses: '204': $ref: '#/components/responses/204' description: Managed client was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clients/{id}/status: get: tags: - Managed Clients summary: Get managed client status description: Get a managed client's status, using its ID. operationId: getManagedClientStatus parameters: - name: id in: path description: Managed client ID to get status for. required: true x-sailpoint-resource-operation-id: getManagedClients schema: type: string example: aClientId - name: type in: query description: Managed client type to get status for. required: true schema: $ref: '#/components/schemas/ManagedClientType' example: VA responses: '200': description: Response with the managed client status, with the given ID and type. content: application/json: schema: $ref: '#/components/schemas/ManagedClientStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-client-status:read - applicationAuth: - idn:managed-client-status:read /managed-clusters: get: tags: - Managed Clusters summary: Get managed clusters description: List current organization's managed clusters, based on request context. operationId: getManagedClusters parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **operational**: *eq* **name**: *eq* **type**: *eq* **status**: *eq* required: false example: operational eq "operation" responses: '200': description: Response with a list of managed clusters. content: application/json: schema: type: array items: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Managed Clusters summary: Create create managed cluster description: |- Create a new Managed Cluster. The API returns a result that includes the managed cluster ID. operationId: createManagedCluster requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ManagedClusterRequest' responses: '200': description: Created managed cluster. content: application/json: schema: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clusters/{id}: get: tags: - Managed Clusters summary: Get managed cluster description: Get a managed cluster by ID. operationId: getManagedCluster parameters: - name: id in: path description: Managed cluster ID. required: true x-sailpoint-resource-operation-id: getManagedClusters example: 2c9180897de347a2017de8859e8c5039 style: simple explode: false schema: type: string responses: '200': description: Response with managed cluster for the given ID. content: application/json: schema: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN patch: tags: - Managed Clusters summary: Update managed cluster description: Update an existing managed cluster. operationId: updateManagedCluster parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClusters description: Managed cluster ID. example: 2c9180897de347a2017de8859e8c5039 requestBody: required: true description: JSONPatch payload used to update the object. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' responses: '200': description: Updated managed cluster. content: application/json: schema: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteManagedCluster tags: - Managed Clusters summary: Delete managed cluster description: Delete an existing managed cluster. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClusters description: Managed cluster ID. example: 2c9180897de347a2017de8859e8c5039 - in: query name: removeClients schema: type: boolean default: false required: false description: Flag to determine the need to delete a cluster with clients. example: false responses: '204': $ref: '#/components/responses/204' description: Managed cluster was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clusters/{id}/log-config: get: tags: - Managed Clusters summary: Get managed cluster log configuration description: Get a managed cluster's log configuration. operationId: getClientLogConfiguration parameters: - name: id in: path description: ID of managed cluster to get log configuration for. required: true x-sailpoint-resource-operation-id: getManagedClusters schema: type: string format: uuid example: 2b838de9-db9b-abcf-e646-d4f274ad4238 responses: '200': description: Log configuration of managed cluster for given cluster ID. content: application/json: schema: $ref: '#/components/schemas/ClientLogConfiguration' '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Managed Clusters summary: Update managed cluster log configuration description: Update a managed cluster's log configuration. You may only specify one of `durationMinutes` or `expiration`, up to 1440 minutes (24 hours) in the future. If neither is specified, the default value for `durationMinutes` is 240. operationId: putClientLogConfiguration parameters: - name: id in: path description: ID of the managed cluster to update the log configuration for. required: true x-sailpoint-resource-operation-id: getManagedClusters schema: type: string format: uuid example: 2b838de9-db9b-abcf-e646-d4f274ad4238 requestBody: description: Client log configuration for the given managed cluster. content: application/json: schema: oneOf: - $ref: '#/components/schemas/ClientLogConfigurationDurationMinutes' - $ref: '#/components/schemas/ClientLogConfigurationExpiration' examples: Duration Minutes: $ref: '#/components/examples/client-log-configuration-duration-minutes' Expiration: $ref: '#/components/examples/client-log-configuration-expiration' required: true responses: '200': description: Response with updated client log configuration for the given managed cluster. content: application/json: schema: $ref: '#/components/schemas/ClientLogConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /mfa/okta-verify/config: get: operationId: getMFAOktaConfig tags: - MFA Configuration summary: Configuration of okta mfa method description: This API returns the configuration of an Okta MFA method. security: - userAuth: - idn:mfa-configuration:read - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: The configuration of an Okta MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaOktaConfig' example: mfaMethod: okta-verify enabled: true host: www.example.com accessKey: d******Y identityAttribute: email '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setMFAOktaConfig tags: - MFA Configuration summary: Set okta mfa configuration description: This API sets the configuration of an Okta MFA method. security: - userAuth: - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MfaOktaConfig' example: mfaMethod: okta-verify enabled: true host: www.example.com accessKey: dk778Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: email responses: '200': description: MFA configuration of an Okta MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaOktaConfig' example: mfaMethod: okta-verify enabled: true host: www.example.com accessKey: d******Y identityAttribute: email '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/duo-web/config: get: operationId: getMFADuoConfig tags: - MFA Configuration summary: Configuration of duo mfa method description: This API returns the configuration of an Duo MFA method. security: - userAuth: - idn:mfa-configuration:read - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: The configuration of an Duo MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaDuoConfig' example: mfaMethod: duo-web enabled: true host: www.example.com accessKey: d******Y identityAttribute: email configProperties: skey: 6******B ikey: Q123WE45R6TY7890ZXCV '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setMFADuoConfig tags: - MFA Configuration summary: Set duo mfa configuration description: This API sets the configuration of an Duo MFA method. security: - userAuth: - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MfaDuoConfig' example: mfaMethod: duo-web enabled: true host: www.example.com accessKey: qw123Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: email configProperties: skey: 12q3WERlcUHWJmiMqyCXI3uOF7EaDJTbdeOp6E2B ikey: Q123WE45R6TY7890ZXCV responses: '200': description: MFA configuration of an Duo MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaDuoConfig' example: mfaMethod: duo-web enabled: true host: www.example.com accessKey: q******y identityAttribute: email configProperties: skey: 1******B ikey: Q123WE45R6TY7890ZXCV '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/kba/config: get: operationId: getMFAKbaConfig tags: - MFA Configuration summary: Configuration of kba mfa method description: This API returns the KBA configuration for MFA. parameters: - in: query name: allLanguages required: false schema: type: boolean description: |- Indicator whether the question text should be returned in all configured languages * If true, the question text is returned in all languages that it is configured in. * If false, the question text is returned in the user locale if available, else for the default locale. * If not passed, it behaves the same way as passing this parameter as false example: allLanguages=true security: - userAuth: - idn:mfa-kba:read x-sailpoint-userLevels: - ORG_ADMIN - USER responses: '200': description: The configuration for KBA MFA method. content: application/json: schema: type: array items: $ref: '#/components/schemas/KbaQuestion' example: - id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919 text: MFA new question -1 ? hasAnswer: false numAnswers: 0 - id: '173421' text: What is your alphanumeric PIN? hasAnswer: false numAnswers: 3 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/kba/config/answers: post: operationId: setMFAKBAConfig tags: - MFA Configuration summary: Set mfa kba configuration description: 'This API sets answers to challenge questions. Any configured questions omitted from the request are removed from user KBA configuration. ' requestBody: required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/KbaAnswerRequestItem' example: - id: '173423' answer: 822cd15d6c15aa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a0859a2fea34 - id: c54fee53-2d63-4fc5-9259-3e93b9994135 answer: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 security: - userAuth: - idn:mfa-kba:authenticate x-sailpoint-userLevels: - USER responses: '200': description: The new KBA configuration for the user. content: application/json: schema: type: array items: $ref: '#/components/schemas/KbaAnswerResponseItem' example: - id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919 question: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]' hasAnswer: false - id: '173421' question: '[{"text":"What is your alphanumeric PIN?","locale":""}]' hasAnswer: true - id: c54fee53-2d63-4fc5-9259-3e93b9994135 question: '[{"text":"Nouvelle question MFA - 2 ?","locale":"fr"},{"text":"MFA new question - 2 ?","locale":""}]' hasAnswer: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/{method}/test: get: operationId: testMFAConfig tags: - MFA Configuration summary: Mfa method's test configuration description: This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter. security: - userAuth: - idn:mfa-configuration:read - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: method schema: type: string example: okta-verify nullable: false enum: - okta-verify - duo-web required: true description: The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'. responses: '200': description: The result of configuration test for the MFA provider. content: application/json: schema: $ref: '#/components/schemas/MfaConfigTestResponse' example: state: SUCCESS error: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/{method}/delete: delete: operationId: deleteMFAConfig tags: - MFA Configuration summary: Delete mfa method configuration description: This API removes the configuration for the specified MFA method. security: - userAuth: - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: method schema: type: string example: okta-verify nullable: false enum: - okta-verify - duo-web required: true description: The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'. responses: '200': description: MFA configuration of an MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaOktaConfig' example: mfaMethod: okta-verify enabled: true host: www.example.com accessKey: d******Y identityAttribute: email '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/okta-verify/verify: post: operationId: sendOktaVerifyRequest tags: - MFA Controller summary: Verifying authentication via okta method description: This API Authenticates the user via Okta-Verify MFA method. Request requires a header called 'slpt-forwarding', and it must contain a remote IP Address of caller. security: - userAuth: - idn:mfa:verify requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/OktaVerificationRequest' example: userId: example@mail.com responses: '200': description: The status of verification request. content: application/json: schema: $ref: '#/components/schemas/VerificationResponse' example: requestId: 089899f13a8f4da7824996191587bab9 status: SUCCESS error: '' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/duo-web/verify: post: operationId: sendDuoVerifyRequest tags: - MFA Controller summary: Verifying authentication via duo method description: This API Authenticates the user via Duo-Web MFA method. security: - userAuth: - idn:mfa:verify requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/DuoVerificationRequest' example: userId: 2c9180947f0ef465017f215cbcfd004b signedResponse: AUTH|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjUzMDg5|f1f5f8ced5b340f3d303b05d0efa0e43b6a8f970:APP|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjU2NjE5|cb44cf44353f5127edcae31b1da0355f87357db2 responses: '200': description: The status of verification request. content: application/json: schema: $ref: '#/components/schemas/VerificationResponse' example: requestId: 089899f13a8f4da7824996191587bab9 status: SUCCESS error: '' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/{method}/poll: post: operationId: pingVerificationStatus tags: - MFA Controller summary: Polling mfa method by verificationpollrequest description: This API poll the VerificationPollRequest for the specified MFA method. security: - userAuth: - idn:mfa:poll x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: method schema: type: string example: okta-verify nullable: false enum: - okta-verify - duo-web - kba - token - rsa required: true description: The name of the MFA method. The currently supported method names are 'okta-verify', 'duo-web', 'kba','token', 'rsa' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/VerificationPollRequest' example: requestId: 089899f13a8f4da7824996191587bab9 responses: '200': description: MFA VerificationPollRequest status an MFA method. content: application/json: schema: $ref: '#/components/schemas/VerificationResponse' example: requestId: 089899f13a8f4da7824996191587bab9 status: PENDING error: '' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/kba/authenticate: post: operationId: sendKbaAnswers tags: - MFA Controller summary: Authenticate kba provided mfa method description: This API Authenticate user in KBA MFA method. security: - userAuth: - idn:mfa-kba:authenticate requestBody: required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/KbaAnswerRequestItem' example: - id: '173423' answer: 822cd15d6c15aa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a0859a2fea34 - id: c54fee53-2d63-4fc5-9259-3e93b9994135 answer: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 responses: '200': description: KBA authenticated status. content: application/json: schema: $ref: '#/components/schemas/KbaAuthResponse' example: kbaAuthResponseItem: - questionId: 089899f13a8f4da7824996191587bab9 IsVerified: false - questionId: 089899f13a8f4da7824996191587bda8 IsVerified: true status: PENDING '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/token/authenticate: post: operationId: sendTokenAuthRequest tags: - MFA Controller summary: Authenticate token provided mfa method description: This API Authenticate user in Token MFA method. security: - userAuth: - idn:mfa:verify requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TokenAuthRequest' example: token: '12345' userAlias: will.albin deliveryType: EMAIL_WORK responses: '200': description: Token authenticated status. content: application/json: schema: $ref: '#/components/schemas/TokenAuthResponse' example: status: PENDING '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/token/send: post: operationId: createSendToken tags: - MFA Controller summary: Create and send user token description: This API send token request. security: - userAuth: - idn:mfa:send requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SendTokenRequest' example: userAlias: will.albin deliveryType: EMAIL_WORK responses: '200': description: Token send status. content: application/json: schema: $ref: '#/components/schemas/SendTokenResponse' example: requestId: 089899f13a8f4da7824996191587bab9 status: SUCCESS errorMessage: '' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-records: post: operationId: createNonEmployeeRecord tags: - Non-Employee Lifecycle Management summary: Create non-employee record description: |- This request will create a non-employee record. Requires role context of `idn:nesr:create` requestBody: description: Non-Employee record creation request body. required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestBody' responses: '200': description: Created non-employee record. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage get: operationId: listNonEmployeeRecords security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: List non-employee records description: |- This gets a list of non-employee records. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees. 2. The user is an account manager, in which case they can get a list of the non-employees that they manage. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters required: false schema: type: string format: comma-separated example: accountName,sourceId description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified** - in: query name: filters required: false schema: type: string example: sourceId eq "2c91808568c529c60168cca6f90c1313" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* responses: '200': description: Non-Employee record objects content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-records/{id}: get: operationId: getNonEmployeeRecord tags: - Non-Employee Lifecycle Management summary: Get a non-employee record description: |- This gets a non-employee record. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Non-Employee record id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords example: ef38f94347e94562b5bb8424a56397d8 schema: type: string responses: '200': description: Non-Employee record object content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read put: operationId: updateNonEmployeeRecord security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Update non-employee record description: |- This request will update a non-employee record. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:update`, in which case they update all available fields. 2. The user is owner of the source, in this case they can only update the end date. parameters: - in: path name: id description: Non-employee record id (UUID) example: ef38f94347e94562b5bb8424a56397d8 required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string requestBody: description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields. required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestBody' responses: '200': description: An updated non-employee record. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchNonEmployeeRecord security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Patch non-employee record description: |- This request will patch a non-employee record. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:update`, in which case they update all available fields. 2. The user is owner of the source, in this case they can only update the end date. parameters: - in: path name: id description: Non-employee record id (UUID) example: ef38f94347e94562b5bb8424a56397d8 required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string requestBody: description: A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields. required: true content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /endDate value: '2019-08-23T18:40:35.772Z' responses: '200': description: A patched non-employee record. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteNonEmployeeRecord tags: - Non-Employee Lifecycle Management summary: Delete non-employee record description: |- This request will delete a non-employee record. Requires role context of `idn:nesr:delete` parameters: - in: path name: id description: Non-Employee record id (UUID) example: ef38f94347e94562b5bb8424a56397d8 required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-records/bulk-delete: post: operationId: deleteNonEmployeeRecordsInBulk tags: - Non-Employee Lifecycle Management summary: Delete multiple non-employee records description: This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete` requestBody: description: Non-Employee bulk delete request body. required: true content: application/json: schema: type: object properties: ids: description: List of non-employee ids. type: array items: type: string format: uuid example: - 2b838de9-db9b-abcf-e646-d4f274ad4238 - 2d838de9-db9b-abcf-e646-d4f274ad4238 required: - ids responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-requests: post: operationId: createNonEmployeeRequest security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Create non-employee request description: This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source. requestBody: description: Non-Employee creation request body required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestBody' responses: '200': description: Non-Employee request creation object content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequest' '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: firstName is required; accountName is required; 400.1.409 Reference conflict: description: Response for reference conflict value: detailCode: 400.1.409 Reference conflict trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: Unable to create Non-Employee because the accountName "existed" is already being used. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listNonEmployeeRequests security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: List non-employee requests description: |- This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a list non-employee requests assigned to a particular account manager by passing in that manager's id. 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: requested-for required: true schema: type: string example: e136567de87e4d029e60b3c3c55db56d description: The identity for whom the request was made. *me* indicates the current user. - in: query name: sorters required: false schema: type: string format: comma-separated example: created,approvalStatus description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate** - in: query name: filters required: false schema: type: string example: sourceId eq "2c91808568c529c60168cca6f90c1313" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* responses: '200': description: List of non-employee request objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeRequest' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-requests/{id}: get: operationId: getNonEmployeeRequest security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get a non-employee request description: |- This gets a non-employee request. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in this case the user can get the non-employee request for any user. 2. The user must be the owner of the non-employee request. parameters: - in: path name: id description: Non-Employee request id (UUID) example: ac110005-7156-1150-8171-5b292e3e0084 required: true x-sailpoint-resource-operation-id: listNonEmployeeRequests schema: type: string responses: '200': description: Non-Employee request object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequest' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteNonEmployeeRequest tags: - Non-Employee Lifecycle Management summary: Delete non-employee request description: |- This request will delete a non-employee request. Requires role context of `idn:nesr:delete` parameters: - in: path name: id description: Non-Employee request id in the UUID format required: true x-sailpoint-resource-operation-id: listNonEmployeeRequests schema: type: string format: uuid example: ac110005-7156-1150-8171-5b292e3e0084 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-requests/summary/{requested-for}: get: operationId: getNonEmployeeRequestSummary security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get summary of non-employee requests description: |- This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id. 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages. parameters: - in: path name: requested-for description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user. required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string format: uuid (if user is Org Admin) example: 2c91808280430dfb0180431a59440460 responses: '200': description: Non-Employee request summary object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources: post: operationId: createNonEmployeeSource security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Non-Employee Lifecycle Management summary: Create non-employee source description: 'Create a non-employee source. ' requestBody: description: Non-Employee source creation request body. required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSourceRequestBody' responses: '200': description: Created non-employee source. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSourceWithCloudExternalId' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listNonEmployeeSources security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Non-Employee Lifecycle Management summary: List non-employee sources description: |- Get a list of non-employee sources. There are two contextual uses for the `requested-for` path parameter: 1. If the user has the role context of `idn:nesr:read`, he or she may request a list sources assigned to a particular account manager by passing in that manager's `id`. 2. If the current user is an account manager, the user should provide 'me' as the `requested-for` value. Doing so provide the user with a list of the sources he or she owns. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: requested-for required: false schema: type: string example: me description: Identity the request was made for. Use 'me' to indicate the current user. - in: query name: non-employee-count required: false example: true schema: type: boolean default: false description: Flag that determines whether the API will return a non-employee count associated with the source. - in: query name: sorters required: false schema: type: string format: comma-separated example: name,created description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, sourceId** responses: '200': description: List of non-employee sources objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeSourceWithNECount' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources/{sourceId}: get: operationId: getNonEmployeeSource security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get a non-employee source description: |- This gets a non-employee source. There are two contextual uses for the requested-for path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request any source. 2. The current user is an account manager, in which case the user can only request sources that they own. parameters: - in: path name: sourceId description: Source Id example: 2c91808b7c28b350017c2a2ec5790aa1 required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string responses: '200': description: Non-Employee source object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSource' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchNonEmployeeSource tags: - Non-Employee Lifecycle Management summary: Patch a non-employee source description: 'patch a non-employee source. (partial update)
Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`.' parameters: - in: path name: sourceId description: Source Id required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: description: A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. required: true content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: new name: null - op: replace path: /approvers value: - 2c91809f703bb37a017040a2fe8748c7 - 48b1f463c9e8427db5a5071bd81914b8 responses: '200': description: A patched non-employee source object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSource' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage delete: operationId: deleteNonEmployeeSource tags: - Non-Employee Lifecycle Management summary: Delete non-employee source description: This request will delete a non-employee source. Requires role context of `idn:nesr:delete`. parameters: - in: path name: sourceId description: Source Id required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-sources/{id}/non-employees/download: get: operationId: exportNonEmployeeRecords tags: - Non-Employee Lifecycle Management summary: Exports non-employee records to csv description: This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Source Id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d responses: '200': description: Exported CSV content: text/csv: example: | accountName,firstName,lastName,phone,email,manager,startDate,endDate Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read /non-employee-sources/{id}/non-employee-bulk-upload: post: operationId: importNonEmployeeRecordsInBulk security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Imports, or updates, non-employee records description: This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create` parameters: - in: path name: id description: Source Id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: content: multipart/form-data: schema: type: object properties: data: type: string format: binary required: - data responses: '202': description: The CSV was accepted to be bulk inserted now or at a later time. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeBulkUploadJob' '400': description: | Client Error - Returned if the request body is invalid. The response body will contain the list of specific errors with one on each line. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources/{id}/non-employee-bulk-upload/status: get: operationId: getNonEmployeeBulkUploadStatus tags: - Non-Employee Lifecycle Management summary: Obtain the status of bulk upload on the source description: | The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Source ID (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d responses: '200': description: Status of the newest bulk-upload job, if any. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeBulkUploadStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read /non-employee-sources/{id}/schema-attributes-template/download: get: operationId: exportNonEmployeeSourceSchemaTemplate tags: - Non-Employee Lifecycle Management summary: Exports source schema template description: This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Source Id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources example: ef38f94347e94562b5bb8424a56397d8 schema: type: string responses: '200': description: Exported Source Schema Template content: text/csv: example: | accountName,firstName,lastName,phone,email,manager,startDate,endDate '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read /non-employee-approvals: get: operationId: listNonEmployeeApprovals security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get list of non-employee approval requests description: |- This gets a list of non-employee approval requests. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in which case they can list the approvals for any approver. 2. The user owns the requested approval. parameters: - in: query name: requested-for schema: type: string description: The identity for whom the request was made. *me* indicates the current user. required: false example: 2c91808280430dfb0180431a59440460 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* example: approvalStatus eq "Pending" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified** required: false example: created responses: '200': description: List of approval items. content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeApprovalItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/{id}: get: operationId: getNonEmployeeApproval security: - userAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get a non-employee approval item detail description: |- Gets a non-employee approval item detail. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in which case they can get any approval. 2. The user owns the requested approval. parameters: - in: path name: id description: Non-Employee approval item id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeApprovals schema: type: string example: e136567de87e4d029e60b3c3c55db56d - in: query name: include-detail description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true* required: false schema: type: boolean example: true responses: '200': description: Non-Employee approval item object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalItemDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/{id}/approve: post: operationId: approveNonEmployeeRequest security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Approve a non-employee request description: Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver. parameters: - in: path name: id description: Non-Employee approval item id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeApprovals schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalDecision' responses: '200': description: Non-Employee approval item object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/{id}/reject: post: operationId: rejectNonEmployeeRequest security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Reject a non-employee request description: This endpoint will reject an approval item request and notify user. The current user must be the requested approver. parameters: - in: path name: id description: Non-Employee approval item id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeApprovals schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRejectApprovalDecision' responses: '200': description: Non-Employee approval item object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/summary/{requested-for}: get: operationId: getNonEmployeeApprovalSummary security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get summary of non-employee approval requests description: |- This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id. 2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her. parameters: - in: path name: requested-for schema: type: string description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user. required: true x-sailpoint-resource-operation-id: listIdentities example: 2c91808280430dfb0180431a59440460 responses: '200': description: summary of non-employee approval requests content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources/{sourceId}/schema-attributes: get: operationId: getNonEmployeeSourceSchemaAttributes security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: List schema attributes non-employee source description: |- This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned. Requires role context of `idn:nesr:read` or the user must be an account manager of the source. parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources example: ef38f94347e94562b5bb8424a56397d8 description: The Source id responses: '200': description: A list of Schema Attributes content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' maxItems: 18 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createNonEmployeeSourceSchemaAttributes tags: - Non-Employee Lifecycle Management summary: Create a new schema attribute for non-employee source description: |- This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response. Requires role context of `idn:nesr:create` parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttributeBody' responses: '200': description: Schema Attribute created. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage delete: operationId: deleteNonEmployeeSourceSchemaAttributes tags: - Non-Employee Lifecycle Management summary: Delete all custom schema attributes for non-employee source description: This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete` parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': $ref: '#/components/responses/204' description: All custon Schema Attributes were successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-sources/{sourceId}/schema-attributes/{attributeId}: get: operationId: getNonEmployeeSchemaAttribute security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get schema attribute non-employee source description: This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source. parameters: - in: path name: attributeId schema: type: string required: true x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes example: ef38f94347e94562b5bb8424a56397d8 description: The Schema Attribute Id (UUID) - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources example: ef38f94347e94562b5bb8424a56397d8 description: The Source id responses: '200': description: The Schema Attribute content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchNonEmployeeSchemaAttribute tags: - Non-Employee Lifecycle Management summary: Patch a schema attribute for non-employee source description: | This end-point patches a specific schema attribute for a non-employee SourceId. Requires role context of `idn:nesr:update` parameters: - in: path name: attributeId schema: type: string required: true x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes description: The Schema Attribute Id (UUID) example: ef38f94347e94562b5bb8424a56397d8 - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 requestBody: description: A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update ':' 'label', 'helpText', 'placeholder', 'required'. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /label value: new attribute label: null required: true responses: '200': description: The Schema Attribute was successfully patched. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage delete: operationId: deleteNonEmployeeSchemaAttribute tags: - Non-Employee Lifecycle Management summary: Delete a schema attribute for non-employee source description: | This end-point deletes a specific schema attribute for a non-employee source. Requires role context of `idn:nesr:delete` parameters: - in: path name: attributeId schema: type: string required: true x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes description: The Schema Attribute Id (UUID) example: ef38f94347e94562b5bb8424a56397d8 - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': $ref: '#/components/responses/204' description: The Schema Attribute was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /oauth-clients: get: operationId: listOauthClients security: - userAuth: - sp:oauth-client:read - sp:oauth-client:manage tags: - OAuth Clients summary: List oauth clients description: This gets a list of OAuth clients. parameters: - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **lastUsed**: *le, isnull* example: lastUsed le 2023-02-05T10:59:27.214Z responses: '200': description: List of OAuth clients. content: application/json: schema: type: array items: $ref: '#/components/schemas/GetOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createOauthClient security: - userAuth: - sp:oauth-client:manage tags: - OAuth Clients summary: Create oauth client description: This creates an OAuth client. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateOAuthClientRequest' responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/CreateOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /oauth-clients/{id}: get: operationId: getOauthClient security: - userAuth: - sp:oauth-client:manage - sp:oauth-client:read - applicationAuth: - sp:oauth-client:manage - sp:oauth-client:read tags: - OAuth Clients summary: Get oauth client description: This gets details of an OAuth client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listOauthClients description: The OAuth client id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/GetOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteOauthClient security: - userAuth: - sp:oauth-client:manage tags: - OAuth Clients summary: Delete oauth client description: This deletes an OAuth client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listOauthClients description: The OAuth client id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchOauthClient security: - userAuth: - sp:oauth-client:manage tags: - OAuth Clients summary: Patch oauth client description: This performs a targeted update to the field(s) of an OAuth client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listOauthClients description: The OAuth client id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * tenant * businessName * homepageUrl * name * description * accessTokenValiditySeconds * refreshTokenValiditySeconds * redirectUris * grantTypes * accessType * enabled * strongAuthSupported * claimsSupported content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /strongAuthSupported value: true - op: replace path: /businessName value: acme-solar responses: '200': description: Indicates the PATCH operation succeeded, and returns the OAuth client's new representation. content: application/json: schema: $ref: '#/components/schemas/GetOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-sync-groups: get: operationId: getPasswordSyncGroups tags: - Password Sync Groups summary: Get password sync group list description: This API returns a list of password sync groups. security: - userAuth: - idn:password-sync-group:read - idn:password-sync-group:manage - applicationAuth: - idn:password-sync-group:read - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: A list of password sync groups. content: application/json: schema: type: array items: $ref: '#/components/schemas/PasswordSyncGroup' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createPasswordSyncGroup tags: - Password Sync Groups summary: Create password sync group description: This API creates a password sync group based on the specifications provided. security: - userAuth: - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 responses: '200': description: Reference to the password sync group. content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-sync-groups/{id}: get: operationId: getPasswordSyncGroup tags: - Password Sync Groups summary: Get password sync group by id description: This API returns the sync group for the specified ID. security: - userAuth: - idn:password-sync-group:read - idn:password-sync-group:manage - applicationAuth: - idn:password-sync-group:read - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPasswordSyncGroups description: The ID of password sync group to retrieve. example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd responses: '200': description: Reference to the password sync group. content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 1 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: updatePasswordSyncGroup tags: - Password Sync Groups summary: Update password sync group by id description: This API updates the specified password sync group. security: - userAuth: - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPasswordSyncGroups description: The ID of password sync group to update. example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 responses: '200': description: Reference to the password sync group. content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deletePasswordSyncGroup tags: - Password Sync Groups summary: Delete password sync group by id description: This API deletes the specified password sync group. security: - userAuth: - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPasswordSyncGroups description: The ID of password sync group to delete. example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-policies/{id}: get: operationId: getPasswordPolicyById tags: - Password Policies summary: Get password policy by id description: This API returns the password policy for the specified ID. security: - userAuth: - idn:password-policy:read - applicationAuth: - idn:password-policy:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPasswordPolicies description: The ID of password policy to retrieve. example: ff808081838d9e9d01838da6a03e0005 responses: '200': description: Reference to the password policy. content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: Default Password Policy id: 2c91808e7d976f3b017d9f5ceae440c8 name: Example PP dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: true enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setPasswordPolicy tags: - Password Policies summary: Update password policy by id description: This API updates the specified password policy. security: - userAuth: - idn:password-policy:write x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPasswordPolicies description: The ID of password policy to update. example: ff808081838d9e9d01838da6a03e0007 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: Password Policy after update. id: 2c91808e7d976f3b017d9f5ceae440c8 name: Improved Password Policy dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f responses: '200': description: Reference to the password policy. content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: Password Policy after update. id: 2c91808e7d976f3b017d9f5ceae440c8 name: Improved Password Policy dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deletePasswordPolicy tags: - Password Policies summary: Delete password policy by id description: This API deletes the specified password policy. security: - userAuth: - idn:password-policy:write x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPasswordPolicies description: The ID of password policy to delete. example: ff808081838d9e9d01838da6a03e0002 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-policies: post: operationId: createPasswordPolicy tags: - Password Policies summary: Create password policy description: This API creates the specified password policy. security: - userAuth: - idn:password-policy:write x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: New Password Policy with high requirements to password complexity. id: null name: High security Password Policy dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f responses: '200': description: Reference to the password policy. content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listPasswordPolicies tags: - Password Policies summary: List password policies description: |- This gets list of all Password Policies. Requires role of ORG_ADMIN security: - userAuth: - idn:password-policy:read - applicationAuth: - idn:password-policy:read parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: List of all Password Policies. content: application/json: schema: type: array items: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: - description: Example Password Policy id: 2c91808e7d976f3b017d9f5ceae440c8 name: Example PP dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f - description: null id: 2c91808780b8b8430180ff7a093f3bf2 name: Password Policy 1 test dateCreated: 1653553629503 lastUpdated: null firstExpirationReminder: null accountIdMinWordLength: -1 accountNameMinWordLength: -1 maxLength: 0 maxRepeatedChars: -1 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: true validateAgainstAccountId: false validateAgainstAccountName: false sourceIds: [] '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /personal-access-tokens: get: operationId: listPersonalAccessTokens security: - userAuth: - sp:my-personal-access-tokens:read - sp:my-personal-access-tokens:manage - sp:all-personal-access-tokens:read - sp:all-personal-access-tokens:manage tags: - Personal Access Tokens summary: List personal access tokens description: This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. parameters: - in: query name: owner-id description: |- The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read' If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read' required: false schema: type: string default: null example: 2c9180867b50d088017b554662fb281e - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **lastUsed**: *le, isnull* example: lastUsed le 2023-02-05T10:59:27.214Z responses: '200': description: List of personal access tokens. content: application/json: schema: type: array items: $ref: '#/components/schemas/GetPersonalAccessTokenResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createPersonalAccessToken security: - userAuth: - sp:my-personal-access-tokens:manage - sp:all-personal-access-tokens:manage tags: - Personal Access Tokens summary: Create personal access token description: This creates a personal access token. requestBody: description: Name and scope of personal access token. required: true content: application/json: schema: $ref: '#/components/schemas/CreatePersonalAccessTokenRequest' responses: '200': description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed. content: application/json: schema: $ref: '#/components/schemas/CreatePersonalAccessTokenResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /personal-access-tokens/{id}: patch: operationId: patchPersonalAccessToken security: - userAuth: - sp:my-personal-access-tokens:manage tags: - Personal Access Tokens summary: Patch personal access token description: |- This performs a targeted update to the field(s) of a Personal Access Token. Changing scopes for a Personal Access Token does not impact existing bearer tokens. You will need to create a new bearer token to have the new scopes. Please note that it can take up to 20 minutes for scope changes to be seen on new bearer tokens. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPersonalAccessTokens description: The Personal Access Token id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * scope content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: New name - op: replace path: /scope value: - sp:scopes:all responses: '200': description: Indicates the PATCH operation succeeded, and returns the PAT's new representation. content: application/json: schema: $ref: '#/components/schemas/GetPersonalAccessTokenResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deletePersonalAccessToken security: - userAuth: - sp:my-personal-access-tokens:manage - sp:all-personal-access-tokens:manage tags: - Personal Access Tokens summary: Delete personal access token description: This deletes a personal access token. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPersonalAccessTokens description: The personal access token id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /public-identities: get: operationId: getPublicIdentities tags: - Public Identities summary: Get list of public identities description: Get a list of public identities. Set `add-core-filters` to `true` to exclude incomplete identities and uncorrelated accounts. security: - userAuth: - sp:scopes:default x-sailpoint-userLevels: - USER parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **alias**: *eq, sw* **email**: *eq, sw* **firstname**: *eq, sw* **lastname**: *eq, sw* example: firstname eq "John" - in: query name: add-core-filters description: |- If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*: - Should be either correlated or protected. - Should not be "spadmin" or "cloudadmin". - uid should not be null. - lastname should not be null. - email should not be null. required: false example: false schema: type: boolean default: false - in: query name: sorters schema: type: string format: comma-separated required: false description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** example: name responses: '200': description: A list of public identity objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/PublicIdentity' example: - id: 2c9180857182305e0171993735622948 name: Alison Ferguso alias: alison.ferguso email: alison.ferguso@acme-solar.com status: Active manager: type: IDENTITY id: 2c9180a46faadee4016fb4e018c20639 name: Thomas Edison attributes: - key: phone name: Phone value: '5125551234' - key: country name: Country value: US - id: 2c9180a46faadee4016fb4e018c20639 name: Thomas Edison alias: thomas.edison email: thomas.edison@acme-solar.com status: Active manager: type: IDENTITY id: 2c918086676d3e0601677611dbde220f name: Mister Manager attributes: - key: phone name: Phone value: '5125554321' - key: country name: Country value: US '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /public-identities-config: get: operationId: getPublicIdentityConfig tags: - Public Identities Config summary: Get the public identities configuration description: Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. security: - userAuth: - idn:public-identity-config:read - idn:public-identity-config:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/PublicIdentityConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: updatePublicIdentityConfig tags: - Public Identities Config summary: Update the public identities configuration description: Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. security: - userAuth: - idn:public-identity-config:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PublicIdentityConfig' responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/PublicIdentityConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /requestable-objects: get: operationId: listRequestableObjects tags: - Requestable Objects summary: Requestable objects list security: - userAuth: - idn:requestable-objects:read x-sailpoint-userLevels: - ORG_ADMIN description: |- Get a list of acccess items that can be requested through the [Access Request endpoints](https://developer.sailpoint.com/docs/api/v3/access-requests). Access items are marked with `AVAILABLE`, `PENDING` or `ASSIGNED` with respect to the identity provided using `identity-id` query parameter. This endpoint only lists roles and access profiles. For gathering requestable entitlements, the [Entitlements List API](https://developer.sailpoint.com/docs/api/v2025/list-entitlements) can be used with the segmented-for-identity parameter. Any authenticated token can call this endpoint to see their requestable access items. parameters: - in: query name: identity-id required: false schema: type: string example: e7eab60924f64aa284175b9fa3309599 description: |- If present, the value returns only requestable objects for the specified identity. * Admin users can call this with any identity ID value. * Non-admin users can only specify *me* or pass their own identity ID value. * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result. - in: query name: types description: Filters the results to the specified type/types, where each type is one of `ROLE` or `ACCESS_PROFILE`. If absent, all types are returned. SailPoint may add support for additional types in the future without notice. required: false schema: type: array items: type: string enum: - ACCESS_PROFILE - ROLE description: Currently supported requestable object types. example: ACCESS_PROFILE,ROLE explode: false - in: query name: term required: false schema: type: string example: Finance Role description: Allows searching requestable access items with a partial match on the name or description. If `term` is provided, then the API will ignore the `filter` query parameter. - in: query name: statuses description: Filters the result to the specified status/statuses, where each status is one of `AVAILABLE`, `ASSIGNED`, or `PENDING`. Specifying this parameter without also specifying an `identity-id` parameter results in an error. SailPoint may add additional statuses in the future without notice. required: false schema: type: array items: $ref: '#/components/schemas/RequestableObjectRequestStatus' explode: false example: - ASSIGNED - PENDING - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string example: name sw "bob" description: | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, sw* required: false - in: query name: sorters schema: type: string format: comma-separated required: false example: name description: | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** responses: '200': description: List of requestable objects content: application/json: schema: type: array items: $ref: '#/components/schemas/RequestableObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles: get: operationId: listRoles tags: - Roles summary: List roles description: This API returns a list of Roles. parameters: - in: query name: for-subadmin schema: type: string description: If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. example: 5168015d32f890ca15812c9180835d2e required: false - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **dimensional**: *eq* example: requestable eq false required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false - in: query name: for-segment-ids schema: type: string format: comma-separated description: |- If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d required: false - in: query name: include-unsegmented schema: type: boolean default: true description: Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error. example: false required: false responses: '200': description: List of Roles content: application/json: schema: type: array items: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read - applicationAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN post: operationId: createRole tags: - Roles summary: Create a role description: |- This API creates a role. In addition, a ROLE_SUBADMIN may not create a role including an access profile if that access profile is associated with a source the ROLE_SUBADMIN is not associated with themselves. The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles. However, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Role' responses: '201': description: Role created content: application/json: schema: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{id}: get: operationId: getRole tags: - Roles summary: Get role description: |- Get a role by ID. A user with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to sources with management workgroups of the ROLE_SUBADMIN is a member of. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Role ID. example: 2c91808a7813090a017814121e121518 responses: '200': description: List of all roles content: application/json: schema: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read - applicationAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN patch: operationId: patchRole tags: - Roles summary: Patch role description: |- Update an existing role, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: * name * description * enabled * owner * accessProfiles * entitlements * membership * requestable * accessRequestConfig * revokeRequestConfig * segments * accessModelMetadata A user with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to sources with management workgroups of the ROLE_SUBADMIN is a member of. The maximum supported length for the description field is 2000 characters. ISC preserves longer descriptions for existing roles. However, any new roles as well as any updates to existing descriptions are limited to 2000 characters. When you use this API to modify a role's membership identities, you can only modify up to a limit of 500 membership identities at a time. parameters: - name: id in: path description: Role ID to patch required: true x-sailpoint-resource-operation-id: listRoles schema: type: string example: 2c91808a7813090a017814121e121518 requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Make a Role Requestable and Enable it in One Call: description: This example shows how multiple fields may be updated with a single patch call. value: - op: replace path: /requestable value: true - op: replace path: /enabled value: true Assign a Role to a Segment: description: This example illustrates the use of patch to assign a role to a segment by adding the segment's ID to the role's segments array. value: - op: add path: /segments/- value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19 Set the Membership Selection Criteria to a List of Identities: description: This example shows how to define a role's membershp by providing a list of identities, referenced by their IDs. value: - op: replace path: /membership value: type: IDENTITY_LIST identities: - id: 2c91808973fe906c0174262092014ed9 - id: 2c918086262092014ed94fb8a47612f3 Set the Membership Selection Criteria to a Standard Expression: description: This example shows how to define a role's membership, using `STANDARD` criteria. In this case, ISC will grant the role to all identities that have the *Engineering* attribute from the indicated source. value: - op: replace path: /membership value: type: STANDARD criteria: operation: OR children: - operation: EQUALS key: type: ENTITLEMENT property: attribute.memberOf sourceId: 2c9180887701fb2014213e122092014e stringValue: Engineering Add a New Clause as the Child of an Existing Standard Expression: description: This example shows how to add a child clause to an existing `STANDARD` criteria expression. value: - op: add path: /membership/criteria/children/- value: operation: ENDS_WITH key: type: IDENTITY property: attribute.email stringValue: '@identitynow.com' Assign a Access Model Metadata to a Role: description: This example shows how to assign existing metadata to a role. value: - op: add path: /accessModelMetadata/attributes/0 value: key: iscFederalClassifications values: - value: secret Add an Access Profile to a Role: description: This example shows how to add an access profile to a role. value: - op: add path: /accessProfiles/- value: id: 1de104e1f9024b1289b3a31e22d28cd1 type: ACCESS_PROFILE Add an Entitlement to a Role: description: This example shows how to add an entitlement to a role. value: - op: add path: /entitlements/- value: id: 0fb2f8051e48421b8f1f8a64aee3b205 type: ENTITLEMENT required: true responses: '200': description: Response with the updated role. content: application/json: schema: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN delete: operationId: deleteRole tags: - Roles summary: Delete role description: |- Delete a role by ID. A user with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to sources with management workgroups the ROLE_SUBADMIN is a member of. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Role ID. example: 2c91808a7813090a017814121e121518 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/bulk-delete: post: operationId: deleteBulkRoles summary: Delete role(s) tags: - Roles description: |- This endpoint initiates a bulk deletion of one or more roles. When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information. This endpoint can only bulk delete up to a limit of 50 roles per request. A user with ROLE_SUBADMIN authority can only call this endpoint if all roles included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RoleBulkDeleteRequest' example: roleIds: - 2c91808876438bb2017668b91919ecca - 2c91808876438ba801766e129f151816 responses: '202': description: Returns an object with the id of the task performing the delete operation. content: application/json: schema: $ref: '#/components/schemas/TaskResultDto' example: type: TASK_RESULT id: 464ae7bf791e49fdb74606a2e4a89635 name: null '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: 1ea1adcb84da4dcb890145e05745774e messages: - locale: en-US localeOrigin: DEFAULT text: The request was syntactically correct but its content is semantically invalid. 400.1 Role ids limit violation: description: Role ids limit violation response value: detailCode: 400.1 Bad Request Content trackingId: 77aa89ac6f0e422dbc588866abc22be9 messages: - locale: en-US localeOrigin: DEFAULT text: roleIds count exceeded max limit of 50 for bulk-delete. 400.1.404 Referenced object not found: description: Referenced object not found response value: detailCode: 400.1.404 Referenced object not found trackingId: 77aa89ac6f0e422dbc588866abc22be9 messages: - locale: en-US localeOrigin: DEFAULT text: Referenced roleIds ["2c91808876438bb2017668b91919ecca"] was not found. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{id}/assigned-identities: get: operationId: getRoleAssignedIdentities tags: - Roles summary: List identities assigned a role parameters: - in: path name: id schema: type: string description: ID of the Role for which the assigned Identities are to be listed example: 2c91808a7813090a017814121e121518 required: true x-sailpoint-resource-operation-id: listRoles - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **aliasName**: *eq, sw* **email**: *eq, sw* **name**: *eq, sw, co* example: name sw Joe - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, aliasName, email** example: aliasName,name responses: '200': description: List of Identities assigned the Role content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleIdentity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read - applicationAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read /saved-searches: post: security: - userAuth: - sp:saved-search:manage tags: - Saved Search description: | Creates a new saved search. summary: Create a saved search operationId: createSavedSearch requestBody: description: The saved search to persist. content: application/json: schema: allOf: - $ref: '#/components/schemas/SavedSearchName' - $ref: '#/components/schemas/SavedSearchDetail' required: true responses: '201': description: The persisted saved search. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: security: - userAuth: - sp:saved-search:read tags: - Saved Search description: | Returns a list of saved searches. summary: A list of saved searches operationId: listSavedSearches parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: filters in: query schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **owner.id**: *eq* example: owner.id eq "7a724640-0c17-4ce9-a8c3-4a89738459c8" responses: '200': description: The list of requested saved searches. content: application/json: schema: type: array items: $ref: '#/components/schemas/SavedSearch' headers: X-Total-Count: description: The total result count (returned only if the *count* parameter is specified as *true*). schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /saved-searches/{id}: put: tags: - Saved Search description: | Updates an existing saved search. >**NOTE: You cannot update the `owner` of the saved search.** summary: | Updates an existing saved search operationId: putSavedSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listSavedSearches requestBody: description: The saved search to persist. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' required: true responses: '200': description: The persisted saved search. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:manage get: tags: - Saved Search description: | Returns the specified saved search. summary: Return saved search by id operationId: getSavedSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listSavedSearches responses: '200': description: The requested saved search. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:read delete: tags: - Saved Search description: | Deletes the specified saved search. summary: Delete document by id operationId: deleteSavedSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listSavedSearches responses: '204': description: No Content - Indicates the request was successful but there is no content to be returned in the response. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:manage /saved-searches/{id}/execute: post: tags: - Saved Search description: | Executes the specified saved search. summary: Execute a saved search by id operationId: executeSavedSearch parameters: - $ref: '#/components/parameters/id' requestBody: description: | When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search. If *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided. content: application/json: schema: $ref: '#/components/schemas/SearchArguments' examples: scheduled: $ref: '#/components/examples/execute-scheduled' test: $ref: '#/components/examples/execute-test' required: true responses: '202': description: Accepted - Returned if the request was successfully accepted into the system. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:manage /scheduled-searches: post: tags: - Scheduled Search description: | Creates a new scheduled search. summary: Create a new scheduled search operationId: createScheduledSearch requestBody: description: The scheduled search to persist. content: application/json: schema: allOf: - $ref: '#/components/schemas/ScheduledSearchName' - $ref: '#/components/schemas/SearchSchedule' examples: Daily Search: description: A search that executes each day at a 9 AM value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: DAILY hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Weekly Search: description: A search that executes each week on select days and times value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: WEEKLY days: type: LIST values: - MON - TUE - WED - THU - FRI - SAT - SUN hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Monthly Search: description: A search that executes each month on select days and times value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: MONTHLY days: type: LIST values: - '1' - '7' - '14' - L hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Annual Search: description: A search that executes each year on the defined months, days, and times. value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: ANNUALLY months: type: LIST values: - '1' interval: 3 days: type: LIST values: - '1' - '7' - '14' - L hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Calendar Search: description: A search that executes on specific calendar days value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: CALENDAR days: type: LIST values: - '2023-01-22' - '2023-02-22' hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 required: true responses: '201': description: The persisted scheduled search. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage get: tags: - Scheduled Search description: | Returns a list of scheduled searches. summary: List scheduled searches operationId: listScheduledSearch parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: filters in: query schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **owner.id**: *eq* **savedSearchId**: *eq* example: savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e" responses: '200': description: The list of requested scheduled searches. content: application/json: schema: type: array items: $ref: '#/components/schemas/ScheduledSearch' headers: X-Total-Count: description: The total result count (returned only if the *count* parameter is specified as *true*). schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage /scheduled-searches/{id}: put: tags: - Scheduled Search description: | Updates an existing scheduled search. summary: Update an existing scheduled search operationId: updateScheduledSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listScheduledSearch requestBody: description: The scheduled search to persist. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' required: true responses: '200': description: The persisted scheduled search. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage get: tags: - Scheduled Search description: Returns the specified scheduled search. summary: Get a scheduled search operationId: getScheduledSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listScheduledSearch responses: '200': description: The requested scheduled search. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: [] delete: tags: - Scheduled Search description: | Deletes the specified scheduled search. operationId: deleteScheduledSearch summary: Delete a scheduled search parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listScheduledSearch responses: '204': description: No Content - Indicates the request was successful but there is no content to be returned in the response. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage /scheduled-searches/{id}/unsubscribe: post: tags: - Scheduled Search description: | Unsubscribes a recipient from the specified scheduled search. operationId: unsubscribeScheduledSearch summary: Unsubscribe a recipient from scheduled search parameters: - $ref: '#/components/parameters/id' requestBody: description: | The recipient to be removed from the scheduled search. content: application/json: schema: $ref: '#/components/schemas/TypedReference' required: true responses: '204': description: No Content - Indicates the request was successful but there is no content to be returned in the response. '400': $ref: '#/components/responses/400' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' /search: post: tags: - Search description: Perform a search with the provided query and return a matching result collection. To page past 10,000 records, you can use `searchAfter` paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement `searchAfter` paging. The search query itself has a size limitation of approximately 800 objects when filtering by large lists of IDs or values (e.g., using `terms` filters with extensive lists). externalDocs: description: Learn more about search. url: https://documentation.sailpoint.com/saas/help/search/index.html operationId: searchPost security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - ROLE_ADMIN - ROLE_SUBADMIN - HELPDESK summary: Perform search parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/searchlimit' - $ref: '#/components/parameters/count' requestBody: content: application/json: schema: $ref: '#/components/schemas/Search' examples: accessProfiles: $ref: '#/components/examples/query-accessprofiles' accountActivities: $ref: '#/components/examples/query-accountactivities' entitlements: $ref: '#/components/examples/query-entitlements' events: $ref: '#/components/examples/query-events' identities: $ref: '#/components/examples/query-identities' roles: $ref: '#/components/examples/query-roles' query-fields: $ref: '#/components/examples/query-fields' query-timeZone: $ref: '#/components/examples/query-timeZone' query-innerHit: $ref: '#/components/examples/query-innerHit' typeAheadQuery: $ref: '#/components/examples/typeAheadQuery' typeAheadQuery-nestedType: $ref: '#/components/examples/typeAheadQuery-nestedType' filter-exists: $ref: '#/components/examples/filter-exists' filter-range: $ref: '#/components/examples/filter-range' filter-terms: $ref: '#/components/examples/filter-terms' required: true responses: '200': description: List of matching documents. content: application/json: schema: type: array items: $ref: '#/components/schemas/SearchDocuments' examples: accessProfiles: $ref: '#/components/examples/accessProfiles' accountActivities: $ref: '#/components/examples/accountActivities' entitlements: $ref: '#/components/examples/entitlements' events: $ref: '#/components/examples/events' identities: $ref: '#/components/examples/identities' roles: $ref: '#/components/examples/roles' query-fields: $ref: '#/components/examples/queryFields' query-timeZone: $ref: '#/components/examples/queryTimeZone' query-innerHit: $ref: '#/components/examples/queryInnerHit' typeAheadQuery: $ref: '#/components/examples/typeAheadQuery-2' typeAheadQuery-nestedType: $ref: '#/components/examples/typeAheadQueryNestedType' filter-exists: $ref: '#/components/examples/filterExists' filter-range: $ref: '#/components/examples/filterRange' filter-terms: $ref: '#/components/examples/filterTerms' headers: X-Total-Count: schema: type: integer description: The total result count (returned only if the *count* parameter is specified as *true*). example: 30 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /search/count: post: tags: - Search description: Performs a search with a provided query and returns the count of results in the X-Total-Count header. operationId: searchCount security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read summary: Count documents satisfying a query requestBody: content: application/json: schema: $ref: '#/components/schemas/Search' examples: query-timeZone: $ref: '#/components/examples/query-timeZone' required: true responses: '204': description: No content - indicates the request was successful but there is no content to be returned in the response. headers: X-Total-Count: description: The total result count. schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /search/aggregate: post: tags: - Search description: 'Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ' operationId: searchAggregate security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read summary: Perform a search query aggregation parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' requestBody: content: application/json: schema: $ref: '#/components/schemas/Search' examples: metricAggregation: $ref: '#/components/examples/metricAggregation' metricAggregation-dsl: $ref: '#/components/examples/metricAggregation-dsl' bucketAggregation: $ref: '#/components/examples/bucketAggregation' bucketAggregation-dsl: $ref: '#/components/examples/bucketAggregation-dsl' nestedAggregation-bucketAggregation: $ref: '#/components/examples/nestedAggregation-bucketAggregation' nestedAggregation-bucketAggregation-dsl: $ref: '#/components/examples/nestedAggregation-bucketAggregation-dsl' nestedAggregation-filterAggregation-bucketAggregation: $ref: '#/components/examples/nestedAggregation-filterAggregation-bucketAggregation' nestedAggregation-filterAggregation-bucketAggregation-dsl: $ref: '#/components/examples/nestedAggregation-filterAggregation-bucketAggregation-dsl' bucketAggregation-subAggregation: $ref: '#/components/examples/bucketAggregation-subAggregation' bucketAggregation-subAggregation-dsl: $ref: '#/components/examples/bucketAggregation-subAggregation-dsl' required: true responses: '200': description: Aggregation results. content: application/json: schema: $ref: '#/components/schemas/AggregationResult' text/csv: schema: $ref: '#/components/schemas/AggregationResult-csv' headers: X-Total-Count: description: The total result count (returned only if the *count* parameter is specified as *true*). schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /search/{index}/{id}: get: tags: - Search description: Fetches a single document from the specified index, using the specified document ID. operationId: searchGet security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - ROLE_ADMIN - ROLE_SUBADMIN - HELPDESK summary: Get a document by id parameters: - $ref: '#/components/parameters/index' - $ref: '#/components/parameters/id' responses: '200': description: The requested document. content: application/json: schema: $ref: '#/components/schemas/SearchDocument' examples: accessProfile: $ref: '#/components/examples/accessProfile' accountActivity: $ref: '#/components/examples/accountActivity' entitlement: $ref: '#/components/examples/entitlement' event: $ref: '#/components/examples/event' identity: $ref: '#/components/examples/identity' role: $ref: '#/components/examples/role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /segments: post: operationId: createSegment security: - userAuth: - idn:segment:manage - applicationAuth: - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Create segment description: |- This API creates a segment. >**Note:** Segment definitions may take time to propagate to all identities. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Segment' responses: '201': description: Segment created content: application/json: schema: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listSegments security: - userAuth: - idn:segment:read - idn:segment:manage - applicationAuth: - idn:segment:read - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: List segments description: 'This API returns a list of all segments. ' parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: List of all segments content: application/json: schema: type: array items: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /segments/{id}: get: operationId: getSegment security: - userAuth: - idn:segment:read - idn:segment:manage - applicationAuth: - idn:segment:read - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Get segment by id description: This API returns the segment specified by the given ID. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSegments description: The segment ID to retrieve. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Segment content: application/json: schema: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSegment security: - userAuth: - idn:segment:manage - applicationAuth: - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Delete segment by id description: |- This API deletes the segment specified by the given ID. >**Note:** that segment deletion may take some time to become effective. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSegments description: The segment ID to delete. example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchSegment security: - userAuth: - idn:segment:manage - applicationAuth: - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Update segment description: |- Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. >**Note:** Changes to a segment may take some time to propagate to all identities. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSegments description: The segment ID to modify. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * owner * visibilityCriteria * active content: application/json-patch+json: schema: type: array items: type: object examples: Set Visibility Criteria: description: Set the visibility criteria value: - op: replace path: /visibilityCriteria value: expression: operator: AND children: - operator: EQUALS attribute: location value: type: STRING value: Philadelphia - operator: EQUALS attribute: department value: type: STRING value: HR responses: '200': description: Indicates the PATCH operation succeeded, and returns the segment's new representation. content: application/json: schema: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /service-desk-integrations: get: tags: - Service Desk Integration summary: List existing service desk integrations description: Get a list of Service Desk integration objects. operationId: getServiceDeskIntegrations parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - name: sorters in: query required: false style: form explode: true schema: type: string description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** example: name - name: filters in: query required: false style: form explode: true schema: type: string format: comma-separated description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq* **type**: *eq, in* **cluster**: *eq, in* example: name eq "John Doe" - $ref: '#/components/parameters/count' responses: '200': description: List of ServiceDeskIntegrationDto content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Service Desk Integration summary: Create new service desk integration description: Create a new Service Desk integration. operationId: createServiceDeskIntegration requestBody: description: The specifics of a new integration to create content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' required: true responses: '200': description: Details of the created integration content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/{id}: get: tags: - Service Desk Integration summary: Get a service desk integration description: Get an existing Service Desk integration by ID. operationId: getServiceDeskIntegration parameters: - name: id in: path description: ID of the Service Desk integration to get required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId responses: '200': description: ServiceDeskIntegrationDto with the given ID content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Service Desk Integration summary: Update a service desk integration description: Update an existing Service Desk integration by ID. operationId: putServiceDeskIntegration parameters: - name: id in: path description: ID of the Service Desk integration to update required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId requestBody: description: The specifics of the integration to update content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' required: true responses: '200': description: ServiceDeskIntegrationDto as updated content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - Service Desk Integration summary: Delete a service desk integration description: Delete an existing Service Desk integration by ID. operationId: deleteServiceDeskIntegration parameters: - name: id in: path description: ID of Service Desk integration to delete required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId responses: '204': description: Service Desk integration with the given ID successfully deleted '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN patch: operationId: patchServiceDeskIntegration tags: - Service Desk Integration summary: Patch a service desk integration description: Update an existing Service Desk integration by ID with a PATCH request. parameters: - name: id in: path description: ID of the Service Desk integration to update required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId requestBody: required: true description: | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /ownerRef value: id: 2c9180867d05b227017d09921a205b4d type: IDENTITY name: Angelo Medici responses: '200': description: ServiceDeskIntegrationDto as updated content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/types: get: tags: - Service Desk Integration summary: List service desk integration types description: This API endpoint returns the current list of supported Service Desk integration types. operationId: getServiceDeskIntegrationTypes responses: '200': description: Responds with an array of the currently supported Service Desk integration types. content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceDeskIntegrationTemplateType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/templates/{scriptName}: get: tags: - Service Desk Integration summary: Service desk integration template by scriptname description: This API endpoint returns an existing Service Desk integration template by scriptName. operationId: getServiceDeskIntegrationTemplate parameters: - name: scriptName in: path description: The scriptName value of the Service Desk integration template to get required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: aScriptName responses: '200': description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName. content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationTemplateDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/status-check-configuration: get: tags: - Service Desk Integration summary: Get the time check configuration description: Get the time check configuration of queued SDIM tickets. operationId: getStatusCheckDetails responses: '200': description: QueuedCheckConfigDetails containing the configured values content: application/json: schema: $ref: '#/components/schemas/QueuedCheckConfigDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Service Desk Integration summary: Update the time check configuration description: Update the time check configuration of queued SDIM tickets. operationId: updateStatusCheckDetails requestBody: description: The modified time check configuration content: application/json: schema: $ref: '#/components/schemas/QueuedCheckConfigDetails' required: true responses: '200': description: QueuedCheckConfigDetails as updated content: application/json: schema: $ref: '#/components/schemas/QueuedCheckConfigDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /query-password-info: post: operationId: queryPasswordInfo tags: - Password Management summary: Query password info security: - userAuth: - idn:password-info:read - applicationAuth: - idn:password-info:read description: | This API is used to query password related information. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordInfoQueryDTO' responses: '200': description: Reference to the password info. content: application/json: schema: $ref: '#/components/schemas/PasswordInfo' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /set-password: post: operationId: setPassword tags: - Password Management summary: Set identity's password security: - userAuth: - idn:password-change:manage - applicationAuth: - idn:password-change:manage description: | This API is used to set a password for an identity. An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow). >**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.** To generate the encryptedPassword (RSA encrypted using publicKey) for the request body, run the following command: ```bash echo -n "myPassword" | openssl pkeyutl -encrypt -inkey public_key.pem -pubin | base64 ``` In this example, myPassword is the plain text password being set and encrypted, and public_key.pem is the path to the public key file. You can retrieve the required publicKey, along with other information like identityId, sourceId, publicKeyId, accounts, and policies, using the Query Password Info endpoint. To successfully run this command, you must have OpenSSL installed on your machine. If OpenSSL is unavailable, consider using the Virtual Appliance (VA), which has OpenSSL pre-installed and configured. If you are using a Windows machine, refer to this [guide](https://tecadmin.net/install-openssl-on-windows/) for instructions on installing OpenSSL. You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordChangeRequest' responses: '202': description: Reference to the password change. content: application/json: schema: $ref: '#/components/schemas/PasswordChangeResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-change-status/{id}: get: operationId: getPasswordChangeStatus tags: - Password Management summary: Get password change request status security: - userAuth: - idn:password-change:read - applicationAuth: - idn:password-change:read x-sailpoint-userLevels: - ORG_ADMIN description: This API returns the status of a password change request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: setPassword example: 089899f13a8f4da7824996191587bab9 description: Password change request ID responses: '200': description: Status of the password change request content: application/json: schema: $ref: '#/components/schemas/PasswordStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-dictionary: get: operationId: getPasswordDictionary tags: - Password Dictionary summary: Get password dictionary description: |- This gets password dictionary for the organization. The password dictionary file can contain lines that are: 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing 2. empty lines 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; maximum length of the line is 128 Unicode codepoints Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). Password dict file must contain UTF-8 characters only. # Sample password text file ``` # Password dictionary small test file locale=en_US # Password dictionary prohibited words qwerty abcd aaaaa password qazxsws ``` security: - userAuth: - idn:password-dictionary:read - idn:password-dictionary:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: A password dictionary response content: text/plain: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putPasswordDictionary tags: - Password Dictionary summary: Update password dictionary description: |- This updates password dictionary for the organization. The password dictionary file can contain lines that are: 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing 2. empty lines 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; maximum length of the line is 128 Unicode codepoints Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). Password dict file must contain UTF-8 characters only. # Sample password text file ``` # Password dictionary small test file locale=en_US # Password dictionary prohibited words qwerty abcd aaaaa password qazxsws ``` security: - userAuth: - idn:password-dictionary:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true description: The password dictionary file to be uploaded. content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Successfully updated. '201': description: Created. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-org-config: get: operationId: getPasswordOrgConfig tags: - Password Configuration summary: Get password org config description: This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:read' security: - userAuth: - idn:password-org-config:read - applicationAuth: - idn:password-org-config:read responses: '200': description: Reference to the password org config. content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenDurationMinutes: 9 digitTokenEnabled: false digitTokenLength: 6 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putPasswordOrgConfig tags: - Password Configuration summary: Update password org config description: |- This API updates the password org config for specified fields. Other fields will keep original value. You must set the `customInstructionsEnabled` field to "true" to be able to use custom password instructions. Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write' security: - userAuth: - idn:password-org-config:manage - applicationAuth: - idn:password-org-config:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: digitTokenEnabled: true digitTokenDurationMinutes: 12 responses: '200': description: Reference to the password org config. content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenDurationMinutes: 12 digitTokenEnabled: true digitTokenLength: 6 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createPasswordOrgConfig tags: - Password Configuration summary: Create password org config description: |- This API creates the password org config. Unspecified fields will use default value. To be able to use the custom password instructions, you must set the `customInstructionsEnabled` field to "true". Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write' security: - userAuth: - idn:password-org-config:manage - applicationAuth: - idn:password-org-config:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenEnabled: true digitTokenDurationMinutes: 12 digitTokenLength: 9 responses: '200': description: Reference to the password org config. content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenDurationMinutes: 9 digitTokenEnabled: true digitTokenLength: 12 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/{taskResultId}/result: get: tags: - Reports Data Extraction description: Get the report results for a report that was run or is running. Returns empty report result in case there are no active task definitions with used in payload task definition name. operationId: getReportResult summary: Get report result security: - userAuth: - sp:report:read - sp:report:manage - applicationAuth: - sp:report:read - sp:report:manage parameters: - in: path name: taskResultId schema: type: string required: true x-sailpoint-resource-operation-id: startReport description: Unique identifier of the task result which handled report example: ef38f94347e94562b5bb8424a56397d8 - in: query name: completed schema: type: boolean default: false required: false description: state of task result to apply ordering when results are fetching from the DB example: true responses: '200': description: Details about report that was run or is running. content: application/json: schema: $ref: '#/components/schemas/ReportResults' examples: identityDetailsReport: $ref: '#/components/examples/identities-details-report-results' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/run: post: tags: - Reports Data Extraction description: Use this API to run a report according to report input details. If non-concurrent task is already running then it returns, otherwise new task creates and returns. operationId: startReport summary: Run report security: - userAuth: - sp:report:manage - applicationAuth: - sp:report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN requestBody: content: application/json: schema: $ref: '#/components/schemas/ReportDetails' examples: Account Export Report: $ref: '#/components/examples/account-export-report-details' Identities Details Report: $ref: '#/components/examples/identities-details-report-details' Identities Report: $ref: '#/components/examples/identities-report-details' Identity Profile Identity Error Report: $ref: '#/components/examples/identity-profile-identity-error-report-details' Orphan Identities Report: $ref: '#/components/examples/orphan-identities-report-details' Search Export Report: $ref: '#/components/examples/search-export-report-details' Uncorrelated Accounts Report: $ref: '#/components/examples/uncorrelated-accounts-report-details' required: true responses: '200': description: Details about running report task. content: application/json: schema: $ref: '#/components/schemas/TaskResultDetails' examples: identityDetailsReport: $ref: '#/components/examples/identities-details-report-task-result' searchExportReport: $ref: '#/components/examples/search-export-report-task-result' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/{id}/cancel: post: tags: - Reports Data Extraction description: Cancels a running report. operationId: cancelReport summary: Cancel report security: - userAuth: - sp:report:manage parameters: - name: id in: path description: ID of the running Report to cancel required: true x-sailpoint-resource-operation-id: startReport style: simple explode: false schema: type: string example: a1ed223247144cc29d23c632624b4767 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/{taskResultId}: get: tags: - Reports Data Extraction description: Gets a report in file format. operationId: getReport summary: Get report file security: - userAuth: - sp:report:read - sp:report:manage - applicationAuth: - sp:report:read - sp:report:manage parameters: - in: path name: taskResultId schema: type: string required: true x-sailpoint-resource-operation-id: startReport description: Unique identifier of the task result which handled report example: ef38f94347e94562b5bb8424a56397d8 - in: query name: fileFormat schema: type: string enum: - csv - pdf required: true description: Output format of the requested report file example: csv - in: query name: name required: false schema: type: string example: Identities Details Report description: preferred Report file name, by default will be used report name from task result. - in: query name: auditable required: false schema: type: boolean default: false example: true description: Enables auditing for current report download. Will create an audit event and sent it to the REPORT cloud-audit kafka topic. Event will be created if there is any result present by requested taskResultId. responses: '200': description: Report file in selected format. CSV by default. content: application/csv: schema: type: string format: binary application/pdf: schema: type: string format: binary headers: Content-disposition: description: The requested report's filename schema: type: string example: attachment;filename=\"fileName" '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': description: Not Found - returned if the request URL refers to a resource or object that does not exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '404': summary: An example of a 404 response object value: detailCode: 404 Not found trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text:

File Not Found - 404 Error

The requested file was not found. '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies: post: security: - userAuth: - idn:sod-policy:manage operationId: createSodPolicy tags: - SOD Policies summary: Create sod policy description: |- This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. Requires role of ORG_ADMIN. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SodPolicyRequest' examples: Conflicting Access Based Policy: value: name: Conflicting-Policy-Name description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null name: General-Policy-Name responses: '201': description: SOD policy created content: application/json: schema: $ref: '#/components/schemas/SodPolicyRead' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: security: - userAuth: - idn:sod-policy:read - idn:sod-policy:manage operationId: listSodPolicies tags: - SOD Policies summary: List sod policies description: |- This gets list of all SOD policies. Requires role of ORG_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in* **state**: *eq, in* example: id eq "bc693f07e7b645539626c25954c58554" required: false - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, description** responses: '200': description: List of all SOD policies. content: application/json: schema: type: array items: $ref: '#/components/schemas/SodPolicyRead' example: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 - description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}: get: security: - userAuth: - idn:sod-policy:read - idn:sod-policy:manage operationId: getSodPolicy tags: - SOD Policies summary: Get sod policy by id description: |- This gets specified SOD policy. Requires role of ORG_ADMIN. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD Policy to retrieve. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: SOD policy ID. content: application/json: schema: $ref: '#/components/schemas/SodPolicyRead' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: security: - userAuth: - idn:sod-policy:manage operationId: putSodPolicy tags: - SOD Policies summary: Update sod policy by id description: |- This updates a specified SOD policy. Requires role of ORG_ADMIN. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy to update. example: ef38f943-47e9-4562-b5bb-8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SodPolicyRead' examples: Conflicting Access Based Policy: value: name: Conflicting-Policy-Name description: Modified Description externalPolicyReference: XYZ policy compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Modified Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' responses: '200': description: SOD Policy by ID content: application/json: schema: $ref: '#/components/schemas/SodPolicyRead' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: Modified description ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Modified Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: security: - userAuth: - idn:sod-policy:manage operationId: deleteSodPolicy tags: - SOD Policies summary: Delete sod policy by id description: |- This deletes a specified SOD policy. Requires role of ORG_ADMIN. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD Policy to delete. example: ef38f943-47e9-4562-b5bb-8424a56397d8 - in: query name: logical schema: type: boolean default: true description: Indicates whether this is a soft delete (logical true) or a hard delete. Soft delete marks the policy as deleted and just save it with this status. It could be fully deleted or recovered further. Hard delete vise versa permanently delete SOD request during this call. example: true required: false responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: security: - userAuth: - idn:sod-policy:manage operationId: patchSodPolicy tags: - SOD Policies summary: Patch sod policy by id description: |- Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Requires role of ORG_ADMIN. This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy being modified. example: 2c918083-5d19-1a86-015d-28455b4a2329 requestBody: required: true description: | A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * ownerRef * externalPolicyReference * compensatingControls * correctionAdvice * state * tags * violationOwnerAssignmentConfig * scheduled * conflictingAccessCriteria content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Conflicting Access Based Policy: value: - op: replace path: /description value: Modified description - op: replace path: /conflictingAccessCriteria/leftCriteria/name value: money-in-modified - op: replace path: /conflictingAccessCriteria/rightCriteria value: name: money-out-modified criteriaList: - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 General Policy: value: - op: replace path: /description value: Modified description responses: '200': description: Indicates the PATCH operation succeeded, and returns the SOD policy's new representation. content: application/json: schema: $ref: '#/components/schemas/SodPolicyRead' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: Modified description ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in-modified criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out-modified criteriaList: - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 General Policy: value: description: Modified description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/evaluate: post: security: - userAuth: - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:manage operationId: startEvaluateSodPolicy tags: - SOD Policies summary: Evaluate one policy by id description: Runs the scheduled report for the policy retrieved by passed policy ID. The report schedule is fetched from the policy retrieved by ID. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The SOD policy ID to run. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: Reference to the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: PENDING type: REPORT_RESULT id: 37b3b32a-f394-46f8-acad-b5223969fa68 name: Multi Query Report '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/schedule: get: security: - userAuth: - idn:sod-policy:read - idn:sod-policy:manage operationId: getSodPolicySchedule tags: - SOD Policies summary: Get sod policy schedule description: This endpoint gets a specified SOD policy's schedule. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy schedule to retrieve. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: SOD policy schedule. content: application/json: schema: $ref: '#/components/schemas/SodPolicySchedule' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: security: - userAuth: - idn:sod-policy:manage operationId: putPolicySchedule tags: - SOD Policies summary: Update sod policy schedule description: This updates schedule for a specified SOD policy. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy to update its schedule. example: ef38f943-47e9-4562-b5bb-8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SodPolicySchedule' responses: '200': description: Created or updated SOD policy schedule. content: application/json: schema: $ref: '#/components/schemas/SodPolicySchedule' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: security: - userAuth: - idn:sod-policy:manage operationId: deleteSodPolicySchedule tags: - SOD Policies summary: Delete sod policy schedule description: This deletes schedule for a specified SOD policy by ID. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy the schedule must be deleted for. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '204': description: No content response. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/violation-report/run: post: security: - userAuth: - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:manage operationId: startSodPolicy tags: - SOD Policies summary: Runs sod policy violation report description: This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The SOD policy ID to run. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: Reference to the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: PENDING type: REPORT_RESULT id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d name: policy-xyz '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/violation-report: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getSodViolationReportStatus tags: - SOD Policies summary: Get sod violation report status description: This gets the status for a violation report run task that has already been invoked. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: startSodPolicy description: The ID of the violation report to retrieve status for. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: Status of the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: SUCCESS type: REPORT_RESULT id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d name: policy-xyz '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/sod-violation-report-status/{reportResultId}: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getSodViolationReportRunStatus tags: - SOD Policies summary: Get violation report run status description: This gets the status for a violation report run task that has already been invoked. parameters: - in: path name: reportResultId schema: type: string required: true x-sailpoint-resource-operation-id: getSodAllReportRunStatus description: The ID of the report reference to retrieve. example: 2e8d8180-24bc-4d21-91c6-7affdb473b0d responses: '200': description: Status of the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: SUCCESS type: REPORT_RESULT id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d name: policy-xyz '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violations/predict: post: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage x-sailpoint-userLevels: - ORG_ADMIN operationId: startPredictSodViolations tags: - SOD Violations summary: Predict sod violations for identity. description: This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityWithNewAccess' example: identityId: 2c91808568c529c60168cca6f90c1313 accessRefs: - type: ENTITLEMENT id: 2c918087682f9a86016839c050861ab1 - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 responses: '200': description: Violation Contexts content: application/json: schema: $ref: '#/components/schemas/ViolationPrediction' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violations/check: post: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage x-sailpoint-userLevels: - ORG_ADMIN operationId: startViolationCheck tags: - SOD Violations summary: Check sod violations description: This API initiates a SOD policy verification asynchronously. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityWithNewAccess' example: identityId: 2c91808568c529c60168cca6f90c1313 accessRefs: - type: ENTITLEMENT id: 2c918087682f9a86016839c050861ab1 - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 clientMetadata: additionalProp1: string additionalProp2: string additionalProp3: string responses: '202': description: Request ID with a timestamp. content: application/json: schema: $ref: '#/components/schemas/SodViolationCheck' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report/run: post: security: - userAuth: - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:manage operationId: startSodAllPoliciesForOrg tags: - SOD Policies summary: Runs all policies for org description: Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided. requestBody: required: false content: application/json: schema: $ref: '#/components/schemas/MultiPolicyRequest' example: filteredPolicyList: - b868cd40-ffa4-4337-9c07-1a51846cfa94 - 63a07a7b-39a4-48aa-956d-50c827deba2a responses: '200': description: Reference to the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: PENDING type: REPORT_RESULT id: 37b3b32a-f394-46f8-acad-b5223969fa68 name: Multi Query Report '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getSodAllReportRunStatus tags: - SOD Policies summary: Get multi-report run task status description: This endpoint gets the status for a violation report for all policy run. responses: '200': description: Status of the violation report run task for all policy run. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: SUCCESS type: REPORT_RESULT id: 37b3b32a-f394-46f8-acad-b5223969fa68 name: Multi Query Report '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report/{reportResultId}/download: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getDefaultViolationReport tags: - SOD Policies summary: Download violation report description: This allows to download a violation report for a given report reference. parameters: - in: path name: reportResultId schema: type: string required: true x-sailpoint-resource-operation-id: startSodPolicy description: The ID of the report reference to download. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Returns the PolicyReport.zip that contains the violation report file. content: application/zip: schema: type: string format: binary '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report/{reportResultId}/download/{fileName}: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getCustomViolationReport tags: - SOD Policies summary: Download custom violation report description: This allows to download a specified named violation report for a given report reference. parameters: - in: path name: reportResultId schema: type: string required: true x-sailpoint-resource-operation-id: startSodPolicy description: The ID of the report reference to download. example: ef38f94347e94562b5bb8424a56397d8 - in: path name: fileName schema: type: string required: true description: Custom Name for the file. example: custom-name responses: '200': description: Returns the zip file with given custom name that contains the violation report file. content: application/zip: schema: type: string format: binary '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources: get: operationId: listSources security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - ROLE_SUBADMIN tags: - Sources summary: Lists all sources in identitynow. description: This end-point lists all the sources in IdentityNow. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string example: name eq "Employees" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **name**: *co, eq, in, sw, ge, gt, ne, isnull* **type**: *eq, in, ge, gt, ne, isnull, sw* **owner.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **features**: *ca, co* **created**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **modified**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **managementWorkgroup.id**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **description**: *eq, sw* **authoritative**: *eq, ne, isnull* **healthy**: *isnull* **status**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **connectionType**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **connectorName**: *eq, ge, gt, in, ne, isnull, sw* **category**: *co, eq, ge, gt, in, le, lt, ne, sw* - in: query name: sorters schema: type: string format: comma-separated example: name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status, id, description, owner.id, accountCorrelationConfig.id, accountCorrelationConfig.name, managerCorrelationRule.type, managerCorrelationRule.id, managerCorrelationRule.name, authoritative, managementWorkgroup.id, connectorName, connectionType** - in: query name: for-subadmin schema: type: string example: name description: |- Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user. Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned. - in: query name: includeIDNSource required: false schema: type: boolean default: false example: true description: Include the IdentityNow source in the response. responses: '200': description: List of Source objects content: application/json: schema: type: array items: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Creates a source in identitynow. description: This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. parameters: - in: query name: provisionAsCsv description: 'If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don''t set this query parameter and you attempt to set the `type` attribute directly, the request won''t correctly generate the source. ' schema: type: boolean required: false example: false requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Source' responses: '201': description: Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}: get: operationId: getSource security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Get source by id description: Use this API to get a source by a specified ID in Identity Security Cloud (ISC). parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Source object. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Update source (full) description: | Use this API to update a source in Identity Security Cloud (ISC), using a full object representation. This means that when you use this API, it completely replaces the existing source configuration. These fields are immutable, so they cannot be changed: * id * type * authoritative * connector * connectorClass * passwordPolicies Attempts to modify these fields will result in a 400 error. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Source' responses: '200': description: Updated Source object. Any passwords will only show the the encrypted cipher-text so that they aren't decryptable in Identity Security Cloud (ISC) cloud-based services, per ISC security design. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Update source (partial) description: | Use this API to partially update a source in Identity Security Cloud (ISC), using a list of patch operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. These fields are immutable, so they cannot be changed: * id * type * authoritative * created * modified * connector * connectorClass * passwordPolicies Attempts to modify these fields will result in a 400 error. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true description: A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in Identity Security Cloud (ISC). content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Edit the source description: description: This example shows how to edit a source description. value: - op: replace path: /description value: new description Edit the source cluster: description: This example shows how to edit a source cluster by ID. value: - op: replace path: /cluster/id value: 2c918087813a902001813f3f85736b45 Edit source features: description: This example illustrates how you can update source supported features. value: - op: replace path: /features value: - PASSWORD - PROVISIONING - ENABLE - AUTHENTICATE Change a source description and cluster in one call: description: This example shows how multiple fields may be updated with a single PATCH call. value: - op: replace path: /description value: new description - op: replace path: /cluster/id value: 2c918087813a902001813f3f85736b45 Add a filter string to the connector: description: This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example, any account that does not have an "m" or "d" in the ID will be aggregated. value: - op: add path: /connectorAttributes/filterString value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )' Update connector attribute for specific operation type: description: This example shows how you can update the 3rd object in the connection parameter's `operationType`. This changes it from a standard group aggregation to a group aggregation on the "test" entitlement type. value: - op: replace path: /connectorAttributes/connectionParameters/2/operationType value: Group Aggregation-test Enable notifications for new account provisioning on a source: description: This example shows how you can configure and enable email notifications that will send when new accounts are provisioned on a source. value: - op: replace path: /connectorAttributes/accountCreateNotification value: notifyList: - Distribution.list@demo.com notifyAccountOwner: true enabled: true notifyAccountOwnerAltEmail: false responses: '200': description: Updated Source object. Any passwords will only show the the encrypted cipher-text so that they aren't decryptable in Identity Security Cloud (ISC) cloud-based services, per ISC security design. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Delete source by id description: |- Use this API to delete a specific source in Identity Security Cloud (ISC). The API removes all the accounts on the source first, and then it deletes the source. You can retrieve the actual task execution status with this method: GET `/task-status/{id}` parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 responses: '202': description: Accepted - Returned if the request was successfully accepted into the system. content: application/json: schema: type: object properties: type: description: Type of object being referenced. type: string enum: - TASK_RESULT example: TASK_RESULT id: type: string description: Task result ID. example: 2c91808779ecf55b0179f720942f181a name: type: string description: Task result's human-readable display name (this should be null/empty). example: null examples: deleteSource: summary: Response returned when a source is being deleted. value: type: TASK_RESULT id: 2c91808779ecf55b0179f720942f181a name: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/provisioning-policies: get: operationId: listProvisioningPolicies tags: - Sources summary: Lists provisioningpolicies description: This end-point lists all the ProvisioningPolicies in IdentityNow. security: - userAuth: - idn:provisioning-policy:read - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy:read - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: List of ProvisioningPolicyDto objects content: application/json: schema: type: array items: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createProvisioningPolicy tags: - Sources summary: Create provisioning policy description: |- This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types. Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/docs/extensibility/transforms/guides/transforms-in-provisioning-policies) for more information. security: - userAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' examples: Create Account Provisioning Policy: value: name: Account description: Account Provisioning Policy usageType: CREATE fields: - name: displayName transform: type: identityAttribute attributes: name: displayName attributes: {} isRequired: false type: string isMultiValued: false - name: distinguishedName transform: type: usernameGenerator attributes: sourceCheck: true patterns: - CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com fn: type: identityAttribute attributes: name: firstname ln: type: identityAttribute attributes: name: lastname fi: type: substring attributes: input: type: identityAttribute attributes: name: firstname begin: 0 end: 1 fti: type: substring attributes: input: type: identityAttribute attributes: name: firstname begin: 0 end: 2 attributes: cloudMaxUniqueChecks: '5' cloudMaxSize: '100' cloudRequired: 'true' isRequired: false type: '' isMultiValued: false - name: description transform: type: static attributes: value: '' attributes: {} isRequired: false type: string isMultiValued: false responses: '201': description: Created ProvisioningPolicyDto object content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/provisioning-policies/{usageType}: get: operationId: getProvisioningPolicy tags: - Sources summary: Get provisioning policy by usagetype description: This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow. security: - userAuth: - idn:provisioning-policy-source:read - idn:provisioning-policy:read - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source:read - idn:provisioning-policy:read - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' responses: '200': description: The requested ProvisioningPolicyDto was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putProvisioningPolicy tags: - Sources summary: Update provisioning policy by usagetype description: |- This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow. Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/docs/extensibility/transforms/guides/transforms-in-provisioning-policies) for more information. security: - userAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' responses: '200': description: The ProvisioningPolicyDto was successfully replaced. content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateProvisioningPolicy tags: - Sources summary: Partial update of provisioning policy description: |- This API selectively updates an existing Provisioning Policy using a JSONPatch payload. Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/docs/extensibility/transforms/guides/transforms-in-provisioning-policies) for more information. security: - userAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' requestBody: required: true description: The JSONPatch payload used to update the schema. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: add-field: summary: Add a field to the beginning of the list value: - op: add path: /fields/0 value: name: email transform: type: identityAttribute attributes: name: email attributes: {} isRequired: false type: string isMultiValued: false responses: '200': description: The ProvisioningPolicyDto was successfully updated. content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteProvisioningPolicy tags: - Sources summary: Delete provisioning policy by usagetype description: Deletes the provisioning policy with the specified usage on an application. security: - userAuth: - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' responses: '204': $ref: '#/components/responses/204' description: The ProvisioningPolicyDto was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/provisioning-policies/bulk-update: post: operationId: updateProvisioningPoliciesInBulk tags: - Sources summary: Bulk update provisioning policies description: This end-point updates a list of provisioning policies on the specified source in IdentityNow. security: - userAuth: - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/ProvisioningPolicyDto' responses: '200': description: A list of the ProvisioningPolicyDto was successfully replaced. content: application/json: schema: type: array items: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/schemas: get: operationId: getSourceSchemas security: - userAuth: - idn:source-schema:read - idn:source-schema:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: List schemas on source description: Use this API to list the schemas that exist on the specified source in Identity Security Cloud (ISC). parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: query name: include-types required: false schema: type: string enum: - group - user description: |- If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized presently. Note: The API will check whether include-types is group or not, if not, it will list schemas based on include-names, if include-names is not provided, it will list all schemas. example: group - in: query name: include-names required: false schema: type: string description: A comma-separated list of schema names to filter result. example: account responses: '200': description: The schemas were successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createSourceSchema security: - userAuth: - idn:source-schema:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN tags: - Sources summary: Create schema on source description: | Use this API to create a new schema on the specified source in Identity Security Cloud (ISC). parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: Source ID. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Schema' responses: '201': description: The schema was successfully created on the specified source. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/schemas/{schemaId}: get: operationId: getSourceSchema tags: - Sources summary: Get source schema by id description: | Get the Source Schema by ID in IdentityNow. parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: The requested Schema was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:read - idn:source-schema:manage put: operationId: putSourceSchema tags: - Sources summary: Update source schema (full) description: | This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below. * id * name * created * modified Any attempt to modify these fields will result in an error response with a status code of 400. > `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error. parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Schema' responses: '200': description: The Schema was successfully replaced. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage patch: operationId: updateSourceSchema tags: - Sources summary: Update source schema (partial) description: | Use this API to selectively update an existing Schema using a JSONPatch payload. The following schema fields are immutable and cannot be updated: - id - name - created - modified To switch an account attribute to a group entitlement, you need to have the following in place: - `isEntitlement: true` - Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group: ```json { "name": "groups", "type": "STRING", "schema": { "type": "CONNECTOR_SCHEMA", "id": "2c9180887671ff8c01767b4671fc7d60", "name": "group" }, "description": "The groups, roles etc. that reference account group objects", "isMulti": true, "isEntitlement": true, "isGroup": true } ``` parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true description: The JSONPatch payload used to update the schema. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: add-attribute: summary: Add an attribute to the end of the list value: - op: add path: /attributes/- value: name: location type: STRING schema: null description: Employee location isMulti: false isEntitlement: false isGroup: false responses: '200': description: The Schema was successfully updated. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage delete: operationId: deleteSourceSchema tags: - Sources summary: Delete source schema by id parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 responses: '204': $ref: '#/components/responses/204' description: The Schema was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage /sources/{sourceId}/source-health: get: operationId: getSourceHealth security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage tags: - Sources summary: Fetches source health by id description: This endpoint fetches source health by source's id parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Fetched source health successfully content: application/json: schema: $ref: '#/components/schemas/SourceHealthDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/schemas/accounts: get: tags: - Sources summary: Downloads source accounts schema template description: |- This API downloads the CSV schema that defines the account attributes on a source. >**NOTE: This API is designated only for Delimited File sources.** operationId: getAccountsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb responses: '200': description: Successfully downloaded the file content: text/csv: example: id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:read - idn:source-schema:manage post: tags: - Sources summary: Uploads source accounts schema template description: |- This API uploads a source schema template file to configure a source's account attributes. To retrieve the file to modify and upload, log into Identity Now. Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema** >**NOTE: This API is designated only for Delimited File sources.** operationId: importAccountsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb requestBody: required: true content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Successfully uploaded the file content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage /sources/{id}/schemas/entitlements: get: tags: - Sources summary: Downloads source entitlements schema template description: |- This API downloads the CSV schema that defines the entitlement attributes on a source. >**NOTE: This API is designated only for Delimited File sources.** operationId: getEntitlementsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: schemaName schema: type: string description: Name of entitlement schema example: '?schemaName=group' responses: '200': description: Successfully downloaded the file content: text/csv: example: id,name,displayName,created,description,modified,entitlements,groups,permissions '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:read post: tags: - Sources summary: Uploads source entitlements schema template description: |- This API uploads a source schema template file to configure a source's entitlement attributes. To retrieve the file to modify and upload, log into Identity Now. Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Import Entitlements** -> **Download** >**NOTE: This API is designated only for Delimited File sources.** operationId: importEntitlementsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: schemaName schema: type: string description: Name of entitlement schema example: '?schemaName=group' requestBody: required: true content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Successfully uploaded the file content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage /sources/{sourceId}/upload-connector-file: post: operationId: importConnectorFile security: - userAuth: - idn:sources-admin:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Sources summary: Upload connector file to source parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 description: This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events. requestBody: required: true content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Uploaded the file successfully and sent all post-upload events content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/connections: get: operationId: getSourceConnections security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Get source connections by id description: Use this API to get all dependent Profiles, Attributes, Applications and Custom Transforms for a source by a specified ID in Identity Security Cloud (ISC). parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Source Connections object. content: application/json: schema: $ref: '#/components/schemas/SourceConnectionsDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects: get: operationId: listTaggedObjects security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage tags: - Tagged Objects summary: List tagged objects description: This API returns a list of all tagged objects. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **objectRef.id**: *eq, in* **objectRef.type**: *eq, in* **tagName**: *eq, in* example: tagName eq "BU_FINANCE" required: false responses: '200': description: List of all tagged objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: setTagToObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage tags: - Tagged Objects summary: Add tag to object description: This adds a tag to an object. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TaggedObject' responses: '201': description: Created. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/{type}: get: operationId: listTaggedObjectsByType security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage tags: - Tagged Objects summary: List tagged objects by type description: This API returns a list of all tagged objects by type. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of tagged object to retrieve. example: ROLE - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **objectRef.id**: *eq* **objectRef.type**: *eq* example: objectRef.id eq "2c91808568c529c60168cca6f90c1313" required: false responses: '200': description: List of all tagged objects for specified type. content: application/json: schema: type: array items: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/{type}/{id}: get: operationId: getTaggedObject security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage tags: - Tagged Objects summary: Get tagged object description: This gets a tagged object for the specified type. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of tagged object to retrieve. example: ROLE - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTaggedObjects description: The ID of the object reference to retrieve. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Tagged object by type and ID. content: application/json: schema: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putTaggedObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage tags: - Tagged Objects summary: Update tagged object description: This updates a tagged object for the specified type. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of tagged object to update. example: ROLE - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTaggedObjects description: The ID of the object reference to update. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TaggedObject' responses: '200': description: Tagged object by type and ID. content: application/json: schema: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteTaggedObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage tags: - Tagged Objects summary: Delete object tags description: Delete all tags from a tagged object. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of object to delete tags from. example: ROLE - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTaggedObjects description: The ID of the object to delete tags from. example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/bulk-add: post: operationId: setTagsToManyObjects security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Tagged Objects summary: Tag multiple objects description: This API adds tags to multiple objects. requestBody: required: true description: Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE. content: application/json: schema: $ref: '#/components/schemas/BulkAddTaggedObject' responses: '200': description: Request succeeded. content: application/json: schema: type: array items: $ref: '#/components/schemas/BulkTaggedObjectResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/bulk-remove: post: operationId: deleteTagsToManyObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Tagged Objects summary: Remove tags from multiple objects description: This API removes tags from multiple objects. requestBody: description: Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE. required: true content: application/json: schema: $ref: '#/components/schemas/BulkRemoveTaggedObject' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /transforms: get: tags: - Transforms summary: List transforms description: Gets a list of all saved transform objects. operationId: listTransforms parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: name in: query description: Name of the transform to retrieve from the list. required: false style: form schema: type: string example: ExampleTransformName123 - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **internal**: *eq* **name**: *eq, sw* required: false style: form explode: true example: name eq "Uppercase" schema: type: string responses: '200': description: A list of transforms matching the given criteria. content: application/json: schema: type: array items: $ref: '#/components/schemas/TransformRead' example: - id: 2cd78adghjkja34jh2b1hkjhasuecd name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM-dd-yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM internal: false - id: 2lkas8dhj4bkuakja77giih7l4ashh name: PrefixSubstring type: substring attributes: begin: 0 end: 3 internal: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:read - idn:transform:manage - applicationAuth: - idn:transform:read - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Transforms summary: Create transform description: Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. operationId: createTransform requestBody: required: true description: The transform to be created. content: application/json: schema: $ref: '#/components/schemas/Transform' example: name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM dd yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM responses: '201': description: Indicates the transform was successfully created and returns its representation. content: application/json: schema: $ref: '#/components/schemas/TransformRead' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:manage - applicationAuth: - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN /transforms/{id}: get: tags: - Transforms summary: Transform by id description: This API returns the transform specified by the given ID. operationId: getTransform parameters: - name: id in: path description: ID of the transform to retrieve required: true x-sailpoint-resource-operation-id: listTransforms style: simple explode: false example: 2cd78adghjkja34jh2b1hkjhasuecd schema: type: string responses: '200': description: Transform with the given ID content: application/json: schema: $ref: '#/components/schemas/TransformRead' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:read - idn:transform:manage - applicationAuth: - idn:transform:read - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Transforms summary: Update a transform description: Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error. operationId: updateTransform parameters: - name: id in: path description: ID of the transform to update required: true x-sailpoint-resource-operation-id: listTransforms style: simple explode: false schema: type: string example: 2cd78adghjkja34jh2b1hkjhasuecd requestBody: description: The updated transform object. Must include "name", "type", and "attributes" fields, but "name" and "type" must not be modified. content: application/json: schema: $ref: '#/components/schemas/Transform' example: name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM-dd-yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM responses: '200': description: Indicates the transform was successfully updated and returns its new representation. content: application/json: schema: $ref: '#/components/schemas/TransformRead' example: id: 2cd78adghjkja34jh2b1hkjhasuecd name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM-dd-yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM internal: false '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:manage - applicationAuth: - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - Transforms summary: Delete a transform description: Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform. operationId: deleteTransform parameters: - name: id in: path description: ID of the transform to delete required: true x-sailpoint-resource-operation-id: listTransforms style: simple explode: false schema: type: string example: 2cd78adghjkja34jh2b1hkjhasuecd responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:manage - applicationAuth: - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN /work-items: get: operationId: listWorkItems tags: - Work Items summary: List work items description: This gets a collection of work items belonging to either the specified user(admin required), or the current user. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: List of work items content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkItems' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/completed: get: operationId: getCompletedWorkItems tags: - Work Items summary: Completed work items description: This gets a collection of completed work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request. required: false example: 1211bcaa32112bcef6122adb21cef1ac - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: List of completed work items. content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkItems' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/count: get: operationId: getCountWorkItems tags: - Work Items summary: Count work items description: This gets a count of work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: List of work items content: application/json: schema: $ref: '#/components/schemas/WorkItemsCount' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/completed/count: get: operationId: getCountCompletedWorkItems tags: - Work Items summary: Count completed work items description: This gets a count of completed work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: List of work items content: application/json: schema: $ref: '#/components/schemas/WorkItemsCount' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/summary: get: operationId: getWorkItemsSummary tags: - Work Items summary: Work items summary description: This gets a summary of work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: List of work items content: application/json: schema: $ref: '#/components/schemas/WorkItemsSummary' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}: get: operationId: getWorkItem tags: - Work Items summary: Get a work item description: This gets the details of a Work Item belonging to either the specified user(admin required), or the current user. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: ID of the work item. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: The work item with the given ID. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: completeWorkItem tags: - Work Items summary: Complete a work item description: This API completes a work item. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 requestBody: description: Body is the request payload to create form definition request content: application/json: schema: type: string nullable: true responses: '200': description: A WorkItems object content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}/forward: post: operationId: sendWorkItemForward security: - userAuth: - idn:work-item:update tags: - Work Items summary: Forward a work item description: This API forwards a work item to a new owner. Either an admin, or the owning/current user must make this request. Accessible to work-item Owner, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WorkItemForward' responses: '200': description: Success, but no data is returned. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}/approve/{approvalItemId}: post: operationId: approveApprovalItem tags: - Work Items summary: Approve an approval item description: This API approves an Approval Item. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 - in: path name: approvalItemId schema: type: string required: true description: The ID of the approval item. example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}/reject/{approvalItemId}: post: operationId: rejectApprovalItem tags: - Work Items summary: Reject an approval item description: This API rejects an Approval Item. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 - in: path name: approvalItemId schema: type: string required: true description: The ID of the approval item. example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/bulk-approve/{id}: post: operationId: approveApprovalItemsInBulk tags: - Work Items summary: Bulk approve approval items description: This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/bulk-reject/{id}: post: operationId: rejectApprovalItemsInBulk tags: - Work Items summary: Bulk reject approval items description: This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}/submit-account-selection: post: operationId: submitAccountSelection tags: - Work Items summary: Submit account selections description: This API submits account selections. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: type: object additionalProperties: true example: fieldName: fieldValue description: Account Selection Data map, keyed on fieldName responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows: get: operationId: listWorkflows tags: - Workflows summary: List workflows description: List all workflows in the tenant. security: - userAuth: - sp:workflow:read - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: query name: filters schema: type: string example: enabled eq true and triggerId eq "abc123" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **enabled**: *eq* **connectorInstanceId**: *eq* **triggerId**: *eq* required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **modified, name** example: modified required: false - name: limit in: query description: |- Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 250 schema: type: integer format: int32 minimum: 0 maximum: 250 default: 250 - name: offset in: query description: |- Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 0 schema: type: integer format: int32 minimum: 0 default: 0 responses: '200': description: List of workflows content: application/json: schema: type: array items: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createWorkflow tags: - Workflows summary: Create workflow description: Create a new workflow with the desired trigger and steps specified in the request body. security: - userAuth: - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: allOf: - required: - name - $ref: '#/components/schemas/WorkflowBody' examples: Event Trigger: description: Workflow initiated by an event trigger value: name: Send Email owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson description: Send an email to the identity who's attributes changed. definition: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success enabled: false trigger: type: EVENT attributes: id: idn:identity-attributes-changed filter: $.changes[?(@.attribute == 'manager')] Scheduled Trigger: description: Workflow initiated by a scheduled trigger value: name: Send Email owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson description: Send an email to the identity who's attributes changed. definition: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success enabled: false trigger: type: SCHEDULED attributes: cronString: 0 * */3 */5 * External Trigger: description: Workflow initiated by an external trigger value: name: Send Email owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson description: Send an email to the identity whose attributes changed. definition: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success enabled: false trigger: type: EXTERNAL attributes: name: search-and-notify description: Run a search and notify the results responses: '200': description: The Workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}: get: operationId: getWorkflow tags: - Workflows summary: Get workflow by id description: Get a single workflow by id. security: - userAuth: - sp:workflow:read - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path description: Id of the workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b - name: workflowMetrics in: query description: disable workflow metrics required: false schema: type: boolean default: true example: false responses: '200': description: The workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putWorkflow tags: - Workflows summary: Update workflow description: Perform a full update of a workflow. The updated workflow object is returned in the response. security: - userAuth: - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path description: Id of the Workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WorkflowBody' responses: '200': description: The Workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchWorkflow tags: - Workflows summary: Patch workflow description: Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. security: - userAuth: - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path description: Id of the Workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: true content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Update all patchable fields: description: Demonstrate how to update each patchable field in one PATCH request. value: - op: replace path: /name value: Send Email - op: replace path: /owner value: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson - op: replace path: /description value: Send an email to the identity who's attributes changed. - op: replace path: /enabled value: false - op: replace path: /definition value: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success - op: replace path: /trigger value: type: EVENT attributes: id: idn:identity-attributes-changed responses: '200': description: The Workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteWorkflow tags: - Workflows summary: Delete workflow by id description: Delete a workflow. **Enabled workflows cannot be deleted**. They must first be disabled. security: - userAuth: - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path description: Id of the Workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}/test: post: operationId: testWorkflow tags: - Workflows summary: Test workflow by id description: | :::info Workflow must be disabled in order to use this endpoint. ::: Test a workflow with the provided input data. The input data should resemble the input that the trigger will send the workflow. See the [event trigger documentation](https://developer.sailpoint.com/docs/extensibility/event-triggers/available) for an example input for the trigger that initiates this workflow. This endpoint will return an execution ID, which can be used to lookup more information about the execution using the `Get a Workflow Execution` endpoint. **This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.** security: - userAuth: - sp:workflow-execute:external x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path description: Id of the workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: true content: application/json: schema: type: object required: - input properties: input: type: object description: The test input for the workflow. examples: Identity Attributes Changed: description: Identity Attributes Changed Trigger Input value: input: identity: id: ee769173319b41d19ccec6cea52f237b name: john.doe type: IDENTITY changes: - attribute: department oldValue: sales newValue: marketing - attribute: manager oldValue: id: ee769173319b41d19ccec6c235423237b name: nice.guy type: IDENTITY newValue: id: ee769173319b41d19ccec6c235423236c name: mean.guy type: IDENTITY - attribute: email oldValue: john.doe@hotmail.com newValue: john.doe@gmail.com responses: '200': description: The Workflow object content: application/json: schema: type: object properties: workflowExecutionId: type: string description: The workflow execution id example: 0e11cefa-96e7-4b67-90d0-065bc1da5753 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}/executions: get: operationId: getWorkflowExecutions tags: - Workflows summary: List workflow executions description: |- Use this API to list a specified workflow's executions. Workflow executions are available for up to 90 days before being archived. By default, you can get a maximum of 250 executions. To get executions past the first 250 records, you can do the following: 1. Use the [Get Workflows](https://developer.sailpoint.com/idn/api/beta/list-workflows) endpoint to get your workflows. 2. Get your workflow ID from the response. 3. You can then do either of the following: - Filter to find relevant workflow executions. For example, you can filter for failed workflow executions: `GET /workflows/:workflowID/executions?filters=status eq "Failed"` - Paginate through results with the `offset` parameter. For example, you can page through 50 executions per page and use that as a way to get to the records past the first 250. Refer to [Paginating Results](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results) for more information about the query parameters you can use to achieve pagination. security: - userAuth: - sp:workflow:read - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_SUBADMIN - SOURCE_ADMIN parameters: - name: id in: path description: Workflow ID. required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **start_time**: *eq, lt, le, gt, ge* **status**: *eq* example: status eq "Failed" required: false responses: '200': description: List of workflow executions for the specified workflow. content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowExecution' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-executions/{id}: get: operationId: getWorkflowExecution tags: - Workflows summary: Get workflow execution description: Get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a "404 Not Found" response. x-sailpoint-userLevels: - ORG_ADMIN security: - userAuth: - sp:workflow:read - sp:workflow:manage parameters: - name: id in: path description: Workflow execution ID. x-sailpoint-resource-operation-id: listWorkflows required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '200': description: Workflow execution. content: application/json: schema: items: $ref: '#/components/schemas/WorkflowExecution' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-executions/{id}/history: get: operationId: getWorkflowExecutionHistory tags: - Workflows summary: Get workflow execution history description: '[Deprecated] This endpoint will be removed in October 2027. Please use `/workflow-executions/{id}/history-v2` instead. Retrieves the detailed history of a single workflow execution. Workflow executions are available for up to 90 days before being archived; accessing an archived execution will return a 404 Not Found.' deprecated: true security: - userAuth: - sp:workflow:read - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_SUBADMIN - SOURCE_ADMIN parameters: - name: id in: path description: Id of the workflow execution required: true x-sailpoint-resource-operation-id: getWorkflowExecution style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '200': description: List of workflow execution events for the given workflow execution content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowExecutionEvent' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-executions/{id}/cancel: post: operationId: cancelWorkflowExecution tags: - Workflows summary: Cancel workflow execution by id description: Use this API to cancel a running workflow execution. security: - userAuth: - sp:workflow-execute:external parameters: - name: id in: path description: The workflow execution ID required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library: get: operationId: listCompleteWorkflowLibrary tags: - Workflows summary: List complete workflow library description: This lists all triggers, actions, and operators in the library externalDocs: description: Additional documentation for workflows url: https://documentation.sailpoint.com/saas/help/workflows/index.html parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow steps content: application/json: schema: type: array items: anyOf: - $ref: '#/components/schemas/WorkflowLibraryAction' - $ref: '#/components/schemas/WorkflowLibraryTrigger' - $ref: '#/components/schemas/WorkflowLibraryOperator' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library/actions: get: operationId: listWorkflowLibraryActions tags: - Workflows summary: List workflow library actions description: This lists the workflow actions available to you. externalDocs: description: Additional documentation for each action url: https://documentation.sailpoint.com/saas/help/workflows/index.html#actions parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* example: id eq "sp:create-campaign" security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow actions content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowLibraryAction' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library/triggers: get: operationId: listWorkflowLibraryTriggers tags: - Workflows summary: List workflow library triggers description: This lists the workflow triggers available to you externalDocs: description: Additional documentation for each trigger url: https://documentation.sailpoint.com/saas/help/workflows/index.html#triggers parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* example: id eq "idn:identity-attributes-changed" security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow triggers content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowLibraryTrigger' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library/operators: get: operationId: listWorkflowLibraryOperators tags: - Workflows summary: List workflow library operators description: This lists the workflow operators available to you security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow operators content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowLibraryOperator' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}/external/oauth-clients: post: operationId: createWorkflowExternalTrigger tags: - Workflows summary: Generate external trigger oauth client description: Create OAuth client ID, client secret, and callback URL for use in an external trigger. External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow. security: - userAuth: - sp:workflow:manage parameters: - name: id in: path description: Id of the workflow required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '200': description: The OAuth Client object content: application/json: schema: $ref: '#/components/schemas/WorkflowOAuthClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/execute/external/{id}: post: operationId: createExternalExecuteWorkflow tags: - Workflows summary: Execute workflow via external trigger description: This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the "External Trigger" step. The external service will invoke this endpoint with the input data it wants to send to the workflow in the body. security: - userAuth: - sp:workflow-execute:external - applicationAuth: - sp:workflow-execute:external parameters: - name: id in: path description: Id of the workflow required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: false content: application/json: schema: type: object properties: input: type: object description: The input for the workflow example: customAttribute1: value1 customAttribute2: value2 responses: '200': description: The Workflow object content: application/json: schema: type: object properties: workflowExecutionId: type: string description: The workflow execution id example: 0e11cefa-96e7-4b67-90d0-065bc1da5753 message: type: string description: An error message if any errors occurred example: Workflow was not executed externally. Check enabled flag on workflow definition '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/execute/external/{id}/test: post: operationId: testExternalExecuteWorkflow tags: - Workflows summary: Test workflow via external trigger description: Validate a workflow with an "External Trigger" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow. security: - userAuth: - sp:workflow-execute:external - applicationAuth: - sp:workflow-execute:external parameters: - name: id in: path description: Id of the workflow required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: false content: application/json: schema: type: object properties: input: type: object description: The test input for the workflow example: test: hello world responses: '200': description: Responds with the test input content: application/json: schema: type: object properties: payload: type: object description: The input that was received example: test: hello world '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-usages/{sourceId}/status: get: tags: - Source Usages summary: Finds status of source usage description: This API returns the status of the source usage insights setup by IDN source ID. operationId: getStatusBySourceId parameters: - name: sourceId in: path description: ID of IDN source required: true x-sailpoint-resource-operation-id: listSources schema: type: string example: 2c9180835d191a86015d28455b4a2329 security: - userAuth: - idn:identity-history:manage - applicationAuth: - idn:identity-history:manage responses: '200': description: Status of the source usage insights setup by IDN source ID. content: application/json: schema: $ref: '#/components/schemas/SourceUsageStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-usages/{sourceId}/summaries: get: tags: - Source Usages summary: Returns source usage insights description: This API returns a summary of source usage insights for past 12 months. operationId: getUsagesBySourceId parameters: - name: sourceId in: path description: ID of IDN source required: true x-sailpoint-resource-operation-id: listSources schema: type: string example: 2c9180835d191a86015d28455b4a2329 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **date** example: '-date' security: - userAuth: - idn:identity-history:manage - applicationAuth: - idn:identity-history:manage responses: '200': description: Summary of source usage insights for past 12 months. content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceUsage' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /account-usages/{accountId}/summaries: get: tags: - Account Usages summary: Returns account usage insights description: This API returns a summary of account usage insights for past 12 months. operationId: getUsagesByAccountId parameters: - name: accountId in: path description: ID of IDN account required: true x-sailpoint-resource-operation-id: listAccounts schema: type: string example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **date** example: '-date' security: - userAuth: - idn:identity-history:manage - applicationAuth: - idn:identity-history:manage responses: '200': description: Summary of account usage insights for past 12 months. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountUsage' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /manual-discover-applications-template: get: summary: Download csv template for discovery tags: - Application Discovery description: | Download an example CSV file with two columns `application_name` and `description`. The CSV file contains a single row with the values 'Example Application' and 'Example Description'. The downloaded template is specifically designed for use with the `/manual-discover-applications` endpoint. security: - userAuth: - idn:application-discovery:read operationId: getManualDiscoverApplicationsCsvTemplate responses: '200': description: A CSV file download was successful. content: text/csv: schema: $ref: '#/components/schemas/ManualDiscoverApplicationsTemplate' example: | application_name,description Example Application,Example Description '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /manual-discover-applications: post: summary: Upload csv to discover applications tags: - Application Discovery description: |- Uploading a CSV file with application data for manual correlation to specific ISC connectors. If a suitable ISC connector is unavailable, the system will recommend generic connectors instead. security: - userAuth: - idn:application-discovery:write - applicationAuth: - idn:application-discovery:write operationId: sendManualDiscoverApplicationsCsvTemplate requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/ManualDiscoverApplications' responses: '200': description: The CSV has been successfully processed. '400': $ref: '#/components/responses/400' description: | Bad request - There was an error with the CSV format or validation failed (e.g., `application_name` missing). Error message should be provided in response. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /discovered-applications: get: operationId: getDiscoveredApplications tags: - Application Discovery summary: Get discovered applications for tenant description: | Get a list of applications that have been identified within the environment. This includes details such as application names, discovery dates, potential correlated saas_vendors and related suggested connectors. security: - userAuth: - idn:application-discovery:read parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: detail schema: type: string enum: - SLIM - FULL description: Determines whether slim, or increased level of detail is provided for each discovered application in the returned list. SLIM is the default behavior. example: FULL - in: query name: filter schema: type: string description: | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *eq, sw, co* **description**: *eq, sw, co* **createdAtStart**: *eq, le, ge* **createdAtEnd**: *eq, le, ge* **discoveredAtStart**: *eq, le, ge* **discoveredAtEnd**: *eq, le, ge* **discoverySource**: *eq, in* example: name eq "Okta" and description co "Okta" and discoverySource in ("csv", "Okta Saas") required: false style: form - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, description, discoveredAt, discoverySource** example: name responses: '200': description: List of discovered applications. By default, the API returns a list of SLIM discovered applications. content: application/json: schema: type: array items: oneOf: - $ref: '#/components/schemas/SlimDiscoveredApplications' - $ref: '#/components/schemas/FullDiscoveredApplications' examples: Slim Discovered Application: $ref: '#/components/examples/SlimDiscoveredApplications' Discovered Application: $ref: '#/components/examples/FullDiscoveredApplications' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' components: securitySchemes: userAuth: type: oauth2 x-displayName: Personal Access Token description: | OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow). Personal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access. See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information. flows: clientCredentials: tokenUrl: https://example-tenant.api.identitynow.com/oauth/token scopes: sp:scopes:default: default scope sp:scopes:all: access to all scopes authorizationCode: authorizationUrl: https://example-tenant.login.sailpoint.com/oauth/authorize tokenUrl: https://example-tenant.api.identitynow.com/oauth/token scopes: sp:scopes:default: default scope sp:scopes:all: access to all scopes applicationAuth: type: oauth2 x-displayName: Client Credentials description: | OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow). Client credentials refers to tokens that are not associated with a user in Identity Security Cloud. See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information. flows: clientCredentials: tokenUrl: https://example-tenant.api.identitynow.com/oauth/token scopes: sp:scopes:default: default scope sp:scopes:all: access to all scopes schemas: AccessRequest: type: object title: Access Request properties: requestedFor: description: A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID. type: array items: type: string example: 2c918084660f45d6016617daa9210584 requestType: $ref: '#/components/schemas/AccessRequestType' requestedItems: type: array items: $ref: '#/components/schemas/AccessRequestItem' minItems: 1 clientMetadata: type: object additionalProperties: type: string example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. requestedForWithRequestedItems: description: | Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity. * Can only be used when 'requestedFor' and 'requestedItems' are not separately provided * Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source * Allows the ability to request items with different remove dates * Also allows different combinations of request items and identities in the same request * Only for use in GRANT_ACCESS type requests type: array items: $ref: '#/components/schemas/RequestedForDtoRef' nullable: true required: - requestedFor - requestedItems AccessRequestItem: type: object title: Access Request Item properties: type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of the item being requested. example: ACCESS_PROFILE id: type: string description: ID of Role, Access Profile or Entitlement being requested. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: | Comment provided by requester. * Comment is required when the request is of type Revoke Access. example: Requesting access profile for John Doe clientMetadata: type: object additionalProperties: type: string example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. removeDate: type: string description: | The date and time the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date-time in the future. * The current SLA for the deprovisioning is 24 hours. * This date-time can be used to change the duration of an existing access item assignment for the specified identity. A GRANT_ACCESS request can extend duration or even remove an expiration date, and either a GRANT_ACCESS or REVOKE_ACCESS request can reduce duration or add an expiration date where one has not previously been present. You can change the expiration date in requests for yourself or others you are authorized to request for. format: date-time example: '2020-07-11T21:23:15.000Z' assignmentId: type: string nullable: true description: | The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source. example: ee48a191c00d49bf9264eb0a4fc3a9fc nativeIdentity: type: string nullable: true description: | The unique identifier for an account on the identity, designated as the account ID attribute in the source's account schema. This is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source. example: CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN required: - id - type AccessProfileDocument: description: 'More complete representation of an access profile. ' allOf: - $ref: '#/components/schemas/BaseAccess' - type: object required: - id - name properties: id: type: string description: Access profile's ID. example: 2c9180825a6c1adc015a71c9023f0818 name: type: string description: Access profile's name. example: Cloud Eng source: type: object description: Access profile's source. properties: id: type: string description: Source's ID. example: ff8081815757d4fb0157588f3d9d008f name: type: string description: Source's name. example: Employees entitlements: type: array description: Entitlements the access profile has access to. items: $ref: '#/components/schemas/BaseEntitlement' entitlementCount: type: integer description: Number of entitlements. example: 5 segments: type: array description: Segments with the access profile. items: $ref: '#/components/schemas/BaseSegment' segmentCount: type: integer description: Number of segments with the access profile. format: int32 example: 1 tags: $ref: '#/components/schemas/Tags' apps: type: array description: Applications with the access profile items: $ref: '#/components/schemas/AccessApps' AccessProfileSummary: description: This is a summary representation of an access profile. allOf: - $ref: '#/components/schemas/Access' - type: object properties: type: type: string description: Type of the access item. example: ACCESS_PROFILE source: $ref: '#/components/schemas/Reference' owner: $ref: '#/components/schemas/DisplayReference' revocable: type: boolean example: true AccessReviewReassignment: $ref: '#/components/schemas/ReviewReassign' Account: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object required: - sourceId - sourceName - attributes - authoritative - disabled - locked - nativeIdentity - systemAccount - uncorrelated - manuallyCorrelated - hasEntitlements properties: sourceId: type: string example: 2c9180835d2e5168015d32f890ca1581 description: The unique ID of the source this account belongs to sourceName: type: string nullable: true example: Employees description: The display name of the source this account belongs to identityId: type: string example: 2c9180835d2e5168015d32f890ca1581 description: The unique ID of the identity this account is correlated to cloudLifecycleState: type: string nullable: true example: active description: The lifecycle state of the identity this account is correlated to identityState: type: string nullable: true example: ACTIVE description: The identity state of the identity this account is correlated to connectionType: type: string nullable: true example: direct description: The connection type of the source this account is from isMachine: type: boolean default: false description: Indicates if the account is of machine type example: true recommendation: allOf: - $ref: '#/components/schemas/Recommendation' - nullable: true description: Indicates that the account is currently classified to be one type but is recommended to be a different one example: type: MACHINE method: DISCOVERY attributes: type: object nullable: true additionalProperties: true description: The account attributes that are aggregated example: firstName: SailPoint lastName: Support displayName: SailPoint Support authoritative: type: boolean description: Indicates if this account is from an authoritative source example: false description: type: string description: A description of the account nullable: true example: null disabled: type: boolean description: Indicates if the account is currently disabled example: false locked: type: boolean description: Indicates if the account is currently locked example: false nativeIdentity: type: string description: The unique ID of the account generated by the source system example: '552775' systemAccount: type: boolean example: false description: If true, this is a user account within IdentityNow. If false, this is an account from a source system. uncorrelated: type: boolean description: Indicates if this account is not correlated to an identity example: false uuid: type: string description: The unique ID of the account as determined by the account schema example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}' nullable: true manuallyCorrelated: type: boolean description: Indicates if the account has been manually correlated to an identity example: false hasEntitlements: type: boolean description: Indicates if the account has entitlements example: true identity: description: The identity this account is correlated to properties: id: type: string description: The ID of the identity example: 2c918084660f45d6016617daa9210584 type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY name: type: string description: display name of identity example: John Doe sourceOwner: type: object nullable: true description: The owner of the source this account belongs to. properties: id: type: string description: The ID of the identity example: 2c918084660f45d6016617daa9210584 type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY name: type: string description: display name of identity example: Adam Kennedy features: type: string description: A string list containing the owning source's features example: ENABLE nullable: true origin: type: string nullable: true enum: - AGGREGATED - PROVISIONED - null description: The origin of the account either aggregated or provisioned example: AGGREGATED ownerIdentity: allOf: - $ref: '#/components/schemas/BaseReferenceDto' - description: The identity who owns this account, used only for machine accounts nullable: true example: id: 2c918084660f45d6016617daa9210584 type: IDENTITY name: Adam Kennedy AccountActivity: type: object title: Account Activity properties: id: type: string description: Id of the account activity example: 2c9180835d2e5168015d32f890ca1581 name: type: string description: The name of the activity example: 2c9180835d2e5168015d32f890ca1581 created: description: When the activity was first created type: string format: date-time example: '2017-07-11T18:45:37.098Z' modified: description: When the activity was last modified type: string format: date-time example: '2018-06-25T20:22:28.104Z' nullable: true completed: description: When the activity was completed type: string format: date-time nullable: true example: '2018-10-19T13:49:37.385Z' completionStatus: $ref: '#/components/schemas/CompletionStatus' type: nullable: true type: string example: appRequest description: | The type of action the activity performed. Please see the following list of types. This list may grow over time. - CloudAutomated - IdentityAttributeUpdate - appRequest - LifecycleStateChange - AccountStateUpdate - AccountAttributeUpdate - CloudPasswordRequest - Attribute Synchronization Refresh - Certification - Identity Refresh - Lifecycle Change Refresh [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). requesterIdentitySummary: $ref: '#/components/schemas/IdentitySummary' targetIdentitySummary: $ref: '#/components/schemas/IdentitySummary' errors: nullable: true description: A list of error messages, if any, that were encountered. type: array items: type: string example: - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' warnings: nullable: true description: A list of warning messages, if any, that were encountered. type: array items: type: string example: - Some warning, another warning items: nullable: true type: array description: Individual actions performed as part of this account activity items: $ref: '#/components/schemas/AccountActivityItem' executionStatus: $ref: '#/components/schemas/ExecutionStatus' clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request example: customKey1: custom value 1 customKey2: custom value 2 AccountActivitySearchedItem: $ref: '#/components/schemas/AccountActivityDocument' AccountAttributes: type: object title: Account Attributes required: - attributes properties: attributes: description: The schema attribute values for the account type: object additionalProperties: true example: city: Austin displayName: John Doe userName: jdoe sAMAccountName: jDoe mail: john.doe@sailpoint.com AccountsAsyncResult: description: Accounts async response containing details on started async process required: - id type: object title: Accounts Async Result properties: id: description: id of the task type: string example: 2c91808474683da6017468693c260195 AccountToggleRequest: description: Request used for account enable/disable type: object title: Account Toggle Request properties: externalVerificationId: description: If set, an external process validates that the user wants to proceed with this request. type: string example: 3f9180835d2e5168015d32f890ca1581 forceProvisioning: description: If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing 'true' for an unlocked account will add and process 'Unlock' operation by the workflow. type: boolean example: false AccountUnlockRequest: description: Request used for account unlock type: object title: Account Unlock Request properties: externalVerificationId: description: If set, an external process validates that the user wants to proceed with this request. type: string example: 3f9180835d2e5168015d32f890ca1581 unlockIDNAccount: description: If set, the IDN account is unlocked after the workflow completes. type: boolean example: false forceProvisioning: description: If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. type: boolean example: false ApprovalItems: $ref: '#/components/schemas/ApprovalItemDetails' Campaign: $ref: '#/components/schemas/CampaignReference' Certification: $ref: '#/components/schemas/IdentityCertificationDto' CertificationReference: type: object title: Certification Reference properties: id: type: string description: The id of the certification. example: ef38f94347e94562b5bb8424a56397d8 name: type: string description: The name of the certification. example: Certification Name type: type: string enum: - CERTIFICATION example: CERTIFICATION reviewer: $ref: '#/components/schemas/Reviewer' EntitlementDocument: description: Entitlement allOf: - $ref: '#/components/schemas/BaseDocument' - type: object properties: modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. displayName: type: string description: Entitlement's display name. example: Admin source: type: object description: Entitlement's source. properties: id: type: string description: ID of entitlement's source. example: 2c91808b6e9e6fb8016eec1a2b6f7b5f name: type: string description: Display name of entitlement's source. example: ODS-HR-Employees type: type: string example: SOURCE description: Type of object. segments: type: array description: Segments with the entitlement. items: $ref: '#/components/schemas/BaseSegment' segmentCount: type: integer description: Number of segments with the role. format: int32 example: 1 requestable: type: boolean description: Indicates whether the entitlement is requestable. default: false example: false cloudGoverned: type: boolean description: Indicates whether the entitlement is cloud governed. default: false example: false created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' privileged: type: boolean description: Indicates whether the entitlement is privileged. default: false example: false tags: $ref: '#/components/schemas/Tags' attribute: type: string description: Attribute information for the entitlement. example: groups value: type: string description: Value of the entitlement. example: 1733ff75-441e-4327-9bfc-3ac445fd8cd1 sourceSchemaObjectType: type: string description: Source schema object type of the entitlement. example: group schema: type: string description: Schema type of the entitlement. example: group hash: type: string description: Read-only calculated hash value of an entitlement. example: c6fab95235584cca98a454a2f51e5683bc77d6a0 attributes: type: object additionalProperties: true description: Attributes of the entitlement. truncatedAttributes: type: array description: Truncated attributes of the entitlement. items: type: string containsDataAccess: type: boolean description: Indicates whether the entitlement contains data access. default: false manuallyUpdatedFields: type: object description: Indicates whether the entitlement's display name and/or description have been manually updated. nullable: true properties: DESCRIPTION: type: boolean default: false example: false DISPLAY_NAME: type: boolean default: false example: false permissions: type: array items: type: object properties: target: type: string description: The target the permission would grants rights on. example: SYS.GV_$TRANSACTION rights: type: array description: All the rights (e.g. actions) that this permission allows on the target items: type: string example: SELECT EntitlementSummary: $ref: '#/components/schemas/AccessProfileEntitlement' Event: $ref: '#/components/schemas/EventDocument' IdentityDocument: description: Identity allOf: - $ref: '#/components/schemas/BaseDocument' - $ref: '#/components/schemas/DisplayReference' - type: object properties: displayName: type: string example: Carol.Adams description: Identity's display name. firstName: type: string description: Identity's first name. example: Carol lastName: type: string description: Identity's last name. example: Adams email: type: string description: Identity's primary email address. example: Carol.Adams@sailpointdemo.com created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' phone: type: string description: Identity's phone number. example: +1 440-527-3672 synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. inactive: type: boolean description: Indicates whether the identity is inactive. default: false example: false protected: type: boolean description: Indicates whether the identity is protected. default: false example: false status: type: string description: Identity's status in SailPoint. example: UNREGISTERED employeeNumber: type: string description: Identity's employee number. example: 1a2a3d4e manager: type: object description: Identity's manager. nullable: true properties: id: type: string description: ID of identity's manager. example: 2c9180867dfe694b017e208e27c05799 name: type: string description: Name of identity's manager. example: Amanda.Ross displayName: type: string description: Display name of identity's manager. example: Amanda.Ross isManager: type: boolean description: Indicates whether the identity is a manager of other identities. example: false identityProfile: type: object description: Identity's identity profile. properties: id: type: string description: Identity profile's ID. example: 3bc8ad26b8664945866b31339d1ff7d2 name: type: string description: Identity profile's name. example: HR Employees source: type: object description: Identity's source. properties: id: type: string description: ID of identity's source. example: 2c91808b6e9e6fb8016eec1a2b6f7b5f name: type: string description: Display name of identity's source. example: ODS-HR-Employees attributes: type: object description: Map or dictionary of key/value pairs. additionalProperties: true example: country: US firstname: Carol cloudStatus: UNREGISTERED disabled: type: boolean description: Indicates whether the identity is disabled. default: false example: false locked: type: boolean description: Indicates whether the identity is locked. default: false example: false processingState: type: string description: Identity's processing state. nullable: true example: ERROR processingDetails: $ref: '#/components/schemas/ProcessingDetails' description: Identity's processing details. nullable: true accounts: type: array description: List of accounts associated with the identity. items: $ref: '#/components/schemas/BaseAccount' accountCount: type: integer description: Number of accounts associated with the identity. format: int32 example: 3 apps: type: array description: List of applications the identity has access to. items: $ref: '#/components/schemas/App' appCount: type: integer format: int32 description: Number of applications the identity has access to. example: 2 access: type: array description: List of access items assigned to the identity. items: $ref: '#/components/schemas/IdentityAccess' accessCount: type: integer format: int32 description: Number of access items assigned to the identity. example: 5 entitlementCount: type: integer format: int32 description: Number of entitlements assigned to the identity. example: 10 roleCount: type: integer format: int32 description: Number of roles assigned to the identity. example: 1 accessProfileCount: type: integer format: int32 description: Number of access profiles assigned to the identity. example: 1 owns: type: array description: Access items the identity owns. items: $ref: '#/components/schemas/Owns' ownsCount: type: integer format: int32 description: Number of access items the identity owns. example: 5 tags: $ref: '#/components/schemas/Tags' tagsCount: type: integer format: int32 description: Number of tags on the identity. visibleSegments: type: array description: List of segments that the identity is in. items: type: string nullable: true example: - All Employees visibleSegmentCount: type: integer format: int32 description: Number of segments the identity is in. example: 1 IdentityProfile: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object required: - authoritativeSource properties: description: type: string description: Identity profile's description. example: My custom flat file profile nullable: true owner: type: object description: Identity profile's owner. nullable: true properties: type: type: string enum: - IDENTITY description: Owner's object type. example: IDENTITY id: type: string description: Owner's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Owner's name. example: William Wilson priority: type: integer format: int64 description: Identity profile's priority. example: 10 authoritativeSource: type: object properties: type: type: string enum: - SOURCE description: Authoritative source's object type. example: SOURCE id: type: string description: Authoritative source's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Authoritative source's name. example: HR Active Directory identityRefreshRequired: type: boolean default: false description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source. example: true identityCount: type: integer description: Number of identities belonging to the identity profile. format: int32 example: 8 identityAttributeConfig: $ref: '#/components/schemas/IdentityAttributeConfig' identityExceptionReportReference: $ref: '#/components/schemas/IdentityExceptionReportReference' hasTimeBasedAttr: description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile. type: boolean default: false example: true IdentityReferenceWithNameAndEmail: type: object title: Identity Reference With Name And Email nullable: true properties: type: type: string description: The type can only be IDENTITY. This is read-only. example: IDENTITY id: type: string description: Identity ID. example: 5168015d32f890ca15812c9180835d2e name: type: string description: Identity's human-readable display name. This is read-only. example: Alison Ferguso email: type: string description: Identity's email address. This is read-only. example: alison.ferguso@identitysoon.com ProvisioningConfig: type: object title: Provisioning Config description: Specification of a Service Desk integration provisioning configuration. properties: universalManager: description: Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed. type: boolean readOnly: true default: false example: true managedResourceRefs: description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. type: array items: allOf: - $ref: '#/components/schemas/ServiceDeskSource' example: - type: SOURCE id: 2c9180855d191c59015d291ceb051111 name: My Source 1 - type: SOURCE id: 2c9180855d191c59015d291ceb052222 name: My Source 2 planInitializerScript: description: This is a reference to a plan initializer script. type: object nullable: true properties: source: description: This is a Rule that allows provisioning instruction changes. type: string example: | \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n noProvisioningRequests: description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. type: boolean default: false example: true provisioningRequestExpiration: description: When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation. type: integer format: int32 example: 7 ProvisioningPolicy: $ref: '#/components/schemas/ProvisioningPolicyDto' QueuedCheckConfigDetails: description: Configuration of maximum number of days and interval for checking Service Desk integration queue status. required: - provisioningStatusCheckIntervalMinutes - provisioningMaxStatusCheckDays type: object title: Queued Check Config Details properties: provisioningStatusCheckIntervalMinutes: description: Interval in minutes between status checks type: string example: 30 provisioningMaxStatusCheckDays: description: Maximum number of days to check type: string example: 2 Reassignment: type: object title: Reassignment nullable: true properties: from: $ref: '#/components/schemas/CertificationReference' comment: type: string description: The comment entered when the Certification was reassigned example: Reassigned for a reason ReassignmentReference: $ref: '#/components/schemas/ReassignReference' RemediationItems: $ref: '#/components/schemas/RemediationItemDetails' RequestableObject: type: object title: Requestable Object properties: id: type: string description: Id of the requestable object itself example: 2c9180835d2e5168015d32f890ca1581 name: type: string description: Human-readable display name of the requestable object example: Applied Research Access created: type: string format: date-time example: '2017-07-11T18:45:37.098Z' description: The time when the requestable object was created modified: nullable: true type: string format: date-time example: '2018-06-25T20:22:28.104Z' description: The time when the requestable object was last modified description: type: string description: Description of the requestable object. example: Access to research information, lab results, and schematics. nullable: true type: $ref: '#/components/schemas/RequestableObjectType' requestStatus: allOf: - $ref: '#/components/schemas/RequestableObjectRequestStatus' - nullable: true identityRequestId: type: string description: If *requestStatus* is *PENDING*, indicates the id of the associated account activity. nullable: true example: null ownerRef: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' requestCommentsRequired: type: boolean description: Whether the requester must provide comments when requesting the object. example: false RequestableObjectType: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: Currently supported requestable object types. example: ACCESS_PROFILE RequestableObjectRequestStatus: type: string enum: - AVAILABLE - PENDING - ASSIGNED - null description: Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results. example: AVAILABLE Reviewer: type: object title: Reviewer properties: id: type: string description: The id of the reviewer. example: ef38f94347e94562b5bb8424a56397d8 name: type: string description: The name of the reviewer. example: Reviewer Name email: type: string description: The email of the reviewing identity. example: reviewer@test.com type: type: string enum: - IDENTITY description: The type of the reviewing identity. example: IDENTITY created: nullable: true example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: The created date of the reviewing identity. modified: nullable: true example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: The modified date of the reviewing identity. RoleDocument: description: Role allOf: - $ref: '#/components/schemas/BaseAccess' - type: object required: - id - name properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of the role. name: type: string example: Branch Manager Access description: Name of the role. accessProfiles: type: array description: Access profiles included with the role. nullable: true items: $ref: '#/components/schemas/BaseAccessProfile' accessProfileCount: type: integer description: Number of access profiles included with the role. nullable: true format: int32 example: 1 tags: $ref: '#/components/schemas/Tags' nullable: true segments: type: array description: Segments with the role. nullable: true items: $ref: '#/components/schemas/BaseSegment' segmentCount: type: integer description: Number of segments with the role. nullable: true format: int32 example: 1 entitlements: type: array description: Entitlements included with the role. nullable: true items: allOf: - $ref: '#/components/schemas/BaseEntitlement' - properties: sourceSchemaObjectType: type: string description: Schema objectType. example: group hash: type: string description: Read-only calculated hash value of an entitlement. example: c6fab95235584cca98a454a2f51e5683bc77d6a0 entitlementCount: type: integer description: Number of entitlements included with the role. nullable: true format: int32 example: 3 dimensional: type: boolean example: false default: false dimensionSchemaAttributeCount: type: integer description: Number of dimension attributes included with the role. nullable: true format: int32 example: 3 dimensionSchemaAttributes: type: array description: Dimension attributes included with the role. nullable: true items: type: object properties: derived: type: boolean example: true default: true displayName: type: string description: Displayname of the dimension attribute. example: Department name: type: string description: Name of the dimension attribute. example: department dimensions: type: array nullable: true items: type: object properties: id: type: string description: Unique ID of the dimension. example: b3c28992ba964a40a7598978139d1ced name: type: string description: Name of the dimension. example: Manager Austin Branch description: type: string nullable: true description: Description of the dimension. example: Managers located at the Austin branch entitlements: type: array description: Entitlements included with the role. nullable: true items: allOf: - $ref: '#/components/schemas/BaseEntitlement' - properties: sourceSchemaObjectType: type: string description: Schema objectType. example: group hash: type: string description: Read-only calculated hash value of an entitlement. example: c6fab95235584cca98a454a2f51e5683bc77d6a0 accessProfiles: type: array nullable: true description: Access profiles included in the dimension. items: $ref: '#/components/schemas/BaseAccessProfile' RoleSummary: $ref: '#/components/schemas/AccessProfileRole' SearchDocument: type: object oneOf: - $ref: '#/components/schemas/AccessProfileDocument' - $ref: '#/components/schemas/AccountActivityDocument' - $ref: '#/components/schemas/EntitlementDocument' - $ref: '#/components/schemas/EventDocument' - $ref: '#/components/schemas/IdentityDocument' - $ref: '#/components/schemas/RoleDocument' SavedSearch: type: object allOf: - type: object properties: id: description: | The saved search ID. type: string example: 0de46054-fe90-434a-b84e-c6b3359d0c64 owner: description: | The owner of the saved search. $ref: '#/components/schemas/TypedReference' ownerId: type: string description: The ID of the identity that owns this saved search. example: 2c91808568c529c60168cca6f90c1313 public: type: boolean description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time. default: false example: false - $ref: '#/components/schemas/SavedSearchName' - $ref: '#/components/schemas/SavedSearchDetail' Schedule: type: object description: The schedule information. properties: type: $ref: '#/components/schemas/ScheduleType' months: allOf: - $ref: '#/components/schemas/Selector' - description: | The months to execute the search. This only applies to schedules with a type of `ANNUALLY`. example: type: LIST values: - '3' - '6' - '9' - '12' nullable: true days: allOf: - $ref: '#/components/schemas/Selector' - description: | The days to execute the search. If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. example: type: LIST values: - MON - WED - FRI nullable: true hours: allOf: - $ref: '#/components/schemas/Selector' - description: The hours selected. example: type: RANGE values: - '9' - '18' interval: 3 expiration: description: The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000' $ref: '#/components/schemas/DateTime' timeZoneId: description: The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org's default timezone is used. nullable: true type: string example: America/Chicago required: - type - hours ScheduledSearch: type: object allOf: - type: object properties: id: description: The scheduled search ID. type: string example: 0de46054-fe90-434a-b84e-c6b3359d0c64 readOnly: true owner: description: The owner of the scheduled search readOnly: true type: object properties: type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY id: type: string description: The ID of the referenced object example: 2c9180867624cbd7017642d8c8c81f67 required: - type - id ownerId: description: | The ID of the scheduled search owner. Please use the `id` in the `owner` object instead. type: string example: 2c9180867624cbd7017642d8c8c81f67 readOnly: true deprecated: true - $ref: '#/components/schemas/ScheduledSearchName' - $ref: '#/components/schemas/SearchSchedule' required: - id - owner - ownerId ServiceDeskIntegrationDto: allOf: - type: object description: Service Desk integration's specification. required: - name - description - type - attributes properties: id: type: string description: Unique identifier for the Service Desk integration example: 62945a496ef440189b1f03e3623411c8 name: description: Service Desk integration's name. The name must be unique. type: string example: Service Desk Integration Name created: type: string format: date-time description: The date and time the Service Desk integration was created example: '2024-01-17T18:45:25.994Z' modified: type: string format: date-time description: The date and time the Service Desk integration was last modified example: '2024-02-18T18:45:25.994Z' description: description: Service Desk integration's description. type: string example: A very nice Service Desk integration type: description: | Service Desk integration types: - ServiceNowSDIM - ServiceNow type: string default: ServiceNowSDIM example: ServiceNowSDIM ownerRef: allOf: - $ref: '#/components/schemas/OwnerDto' clusterRef: allOf: - $ref: '#/components/schemas/SourceClusterDto' cluster: description: Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility). type: string example: xyzzy999 deprecated: true nullable: true managedSources: description: Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility). type: array items: type: string deprecated: true example: - 2c9180835d191a86015d28455b4a2329 - 2c5680835d191a85765d28455b4a9823 provisioningConfig: description: The 'provisioningConfig' property specifies the configuration used to provision integrations. $ref: '#/components/schemas/ProvisioningConfig' attributes: description: Service Desk integration's attributes. Validation constraints enforced by the implementation. type: object additionalProperties: true example: property: value key: value beforeProvisioningRule: allOf: - $ref: '#/components/schemas/BeforeProvisioningRuleDto' ServiceDeskIntegrationTemplateDto: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object description: This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations. required: - type - attributes - provisioningConfig properties: type: description: The 'type' property specifies the type of the Service Desk integration template. type: string example: Web Service SDIM default: Web Service SDIM attributes: description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template. type: object additionalProperties: true example: property: value key: value provisioningConfig: description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template. $ref: '#/components/schemas/ProvisioningConfig' ServiceDeskIntegrationTemplateType: description: This represents a Service Desk Integration template type. required: - type - scriptName type: object title: Service Desk Integration Template Type properties: name: description: This is the name of the type. example: aName type: string type: description: This is the type value for the type. example: aType type: string scriptName: description: This is the scriptName attribute value for the type. example: aScriptName type: string Source: type: object title: Source properties: id: type: string readOnly: true description: Source ID. example: 2c91808568c529c60168cca6f90c1324 name: type: string description: Source's human-readable name. example: My Source description: type: string description: Source's human-readable description. example: This is the corporate directory. owner: description: Reference to identity object who owns the source. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - IDENTITY example: IDENTITY id: type: string description: Owner identity's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Owner identity's human-readable display name. example: MyName cluster: description: Reference to the source's associated cluster. type: object nullable: true required: - name - id - type properties: type: description: Type of object being referenced. type: string enum: - CLUSTER example: CLUSTER id: type: string description: Cluster ID. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: Cluster's human-readable display name. example: Corporate Cluster accountCorrelationConfig: description: Reference to account correlation config object. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - ACCOUNT_CORRELATION_CONFIG example: ACCOUNT_CORRELATION_CONFIG id: type: string description: Account correlation config ID. example: 2c9180855d191c59015d28583727245a name: type: string description: Account correlation config's human-readable display name. example: Directory [source-62867] Account Correlation accountCorrelationRule: description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule managerCorrelationMapping: allOf: - $ref: '#/components/schemas/ManagerCorrelationMapping' - nullable: true description: | Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity. managerCorrelationRule: description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule beforeProvisioningRule: description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. ' type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule schemas: type: array items: type: object properties: type: description: Type of object being referenced. type: string enum: - CONNECTOR_SCHEMA example: CONNECTOR_SCHEMA id: type: string description: Schema ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Schema's human-readable display name. example: MySchema description: List of references to schema objects. example: - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232a name: account - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232b name: group passwordPolicies: type: array nullable: true items: type: object properties: type: description: Type of object being referenced. type: string enum: - PASSWORD_POLICY example: PASSWORD_POLICY id: type: string description: Policy ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Policy's human-readable display name. example: My Password Policy description: List of references to the associated PasswordPolicy objects. example: - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb053980 name: Corporate Password Policy - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb057777 name: Vendor Password Policy features: $ref: '#/components/schemas/SourceFeature' type: type: string description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. ' example: OpenLDAP - Direct connector: type: string description: Connector script name. example: active-directory connectorClass: type: string description: Fully qualified name of the Java class that implements the connector interface. example: sailpoint.connector.LDAPConnector connectorAttributes: type: object description: Connector specific configuration. This configuration will differ from type to type. example: healthCheckTimeout: 30 authSearchAttributes: - cn - uid - mail deleteThreshold: type: integer format: int32 description: Number from 0 to 100 that specifies when to skip the delete phase. example: 10 authoritative: type: boolean description: When this is true, it indicates that the source is referenced by an identity profile. default: false example: false managementWorkgroup: description: Reference to management workgroup for the source. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - GOVERNANCE_GROUP example: GOVERNANCE_GROUP id: type: string description: Management workgroup ID. example: 2c91808568c529c60168cca6f90c2222 name: type: string description: Management workgroup's human-readable display name. example: My Management Workgroup healthy: type: boolean description: When this is true, it indicates that the source is healthy. default: false example: true status: type: string enum: - SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT - SOURCE_STATE_ERROR_CLUSTER - SOURCE_STATE_ERROR_SOURCE - SOURCE_STATE_ERROR_VA - SOURCE_STATE_FAILURE_CLUSTER - SOURCE_STATE_FAILURE_SOURCE - SOURCE_STATE_HEALTHY - SOURCE_STATE_UNCHECKED_CLUSTER - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES - SOURCE_STATE_UNCHECKED_SOURCE - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS description: 'Status identifier that gives specific information about why a source is or isn''t healthy. ' example: SOURCE_STATE_HEALTHY since: type: string description: Timestamp that shows when a source health check was last performed. example: '2021-09-28T15:48:29.3801666300Z' connectorId: type: string description: Connector ID example: active-directory connectorName: type: string description: Name of the connector that was chosen during source creation. example: Active Directory connectionType: type: string description: Type of connection (direct or file). example: file connectorImplementationId: type: string description: Connector implementation ID. example: delimited-file created: type: string description: Date-time when the source was created format: date-time example: '2022-02-08T14:50:03.827Z' modified: type: string description: Date-time when the source was last modified. format: date-time example: '2024-01-23T18:08:50.897Z' credentialProviderEnabled: type: boolean description: If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials. default: false example: false category: type: string nullable: true default: null description: Source category (e.g. null, CredentialProvider). example: CredentialProvider required: - name - owner - connector SourceHealthDto: type: object title: Source Health Dto description: Dto for source health data properties: id: type: string readOnly: true description: the id of the Source example: 2c91808568c529c60168cca6f90c1324 type: type: string description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' example: OpenLDAP - Direct name: type: string description: the name of the source example: Source1234 org: type: string description: source's org example: denali-cjh isAuthoritative: type: boolean example: false description: Is the source authoritative isCluster: type: boolean example: false description: Is the source in a cluster hostname: type: string example: megapod-useast1-secret-hostname.sailpoint.com description: source's hostname pod: type: string description: source's pod example: megapod-useast1 iqServiceVersion: type: string description: The version of the iqService example: iqVersion123 status: type: string enum: - SOURCE_STATE_ERROR_CLUSTER - SOURCE_STATE_ERROR_SOURCE - SOURCE_STATE_ERROR_VA - SOURCE_STATE_FAILURE_CLUSTER - SOURCE_STATE_FAILURE_SOURCE - SOURCE_STATE_HEALTHY - SOURCE_STATE_UNCHECKED_CLUSTER - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES - SOURCE_STATE_UNCHECKED_SOURCE - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS description: connection test result example: SOURCE_STATE_UNCHECKED_SOURCE Transform: type: object title: Transform description: The representation of an internally- or customer-defined transform. required: - name - type - attributes properties: name: type: string description: Unique name of this transform example: Timestamp To Date minLength: 1 maxLength: 50 type: type: string description: The type of transform operation enum: - accountAttribute - base64Decode - base64Encode - concat - conditional - dateCompare - dateFormat - dateMath - decomposeDiacriticalMarks - e164phone - firstValid - rule - identityAttribute - indexOf - iso3166 - lastIndexOf - leftPad - lookup - lower - normalizeNames - randomAlphaNumeric - randomNumeric - reference - replaceAll - replace - rightPad - split - static - substring - trim - upper - usernameGenerator - uuid - displayName - rfc5646 example: dateFormat externalDocs: description: Transform Operations url: https://developer.sailpoint.com/docs/extensibility/transforms/operations attributes: nullable: true description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. oneOf: - $ref: '#/components/schemas/AccountAttribute' - $ref: '#/components/schemas/Base64Decode' - $ref: '#/components/schemas/Base64Encode' - $ref: '#/components/schemas/Concatenation' - $ref: '#/components/schemas/Conditional' - $ref: '#/components/schemas/DateCompare' - $ref: '#/components/schemas/DateFormat' - $ref: '#/components/schemas/DateMath' - $ref: '#/components/schemas/DecomposeDiacriticalMarks' - $ref: '#/components/schemas/E164phone' - $ref: '#/components/schemas/FirstValid' - $ref: '#/components/schemas/Rule' - $ref: '#/components/schemas/IdentityAttribute' - $ref: '#/components/schemas/IndexOf' - $ref: '#/components/schemas/ISO3166' - $ref: '#/components/schemas/LeftPad' - $ref: '#/components/schemas/Lookup' - $ref: '#/components/schemas/Lower' - $ref: '#/components/schemas/NameNormalizer' - $ref: '#/components/schemas/RandomAlphaNumeric' - $ref: '#/components/schemas/RandomNumeric' - $ref: '#/components/schemas/Reference-2' - $ref: '#/components/schemas/ReplaceAll' - $ref: '#/components/schemas/Replace' - $ref: '#/components/schemas/RightPad' - $ref: '#/components/schemas/Split' - $ref: '#/components/schemas/Static' - $ref: '#/components/schemas/Substring' - $ref: '#/components/schemas/Trim' - $ref: '#/components/schemas/Upper' - $ref: '#/components/schemas/UUIDGenerator' WorkItems: type: object title: Work Items properties: id: type: string description: ID of the work item example: 2c9180835d2e5168015d32f890ca1581 requesterId: type: string description: ID of the requester example: 2c9180835d2e5168015d32f890ca1581 nullable: true requesterDisplayName: type: string description: The displayname of the requester example: John Smith nullable: true ownerId: type: string description: The ID of the owner example: 2c9180835d2e5168015d32f890ca1581 nullable: true ownerName: type: string description: The name of the owner example: Jason Smith created: type: string format: date-time example: '2017-07-11T18:45:37.098Z' description: Time when the work item was created modified: type: string format: date-time example: '2018-06-25T20:22:28.104Z' description: Time when the work item was last updated nullable: true description: type: string description: The description of the work item example: Create account on source 'AD' state: $ref: '#/components/schemas/WorkItemStateManualWorkItems' type: $ref: '#/components/schemas/WorkItemTypeManualWorkItems' remediationItems: type: array nullable: true items: $ref: '#/components/schemas/RemediationItemDetails' description: A list of remediation items approvalItems: type: array nullable: true items: $ref: '#/components/schemas/ApprovalItemDetails' description: A list of items that need to be approved name: type: string description: The work item name example: Account Create nullable: true completed: type: string format: date-time example: '2018-10-19T13:49:37.385Z' description: The time at which the work item completed nullable: true numItems: type: integer format: int32 description: The number of items in the work item example: 19 nullable: true form: allOf: - $ref: '#/components/schemas/FormDetails' - nullable: true errors: type: array items: type: string example: - The work item ID that was specified was not found. description: An array of errors that ocurred during the work item WorkItemsCount: type: object title: Work Items Count properties: count: type: integer description: The count of work items example: 29 WorkItemsSummary: type: object title: Work Items Summary properties: open: type: integer description: The count of open work items example: 29 completed: type: integer description: The count of completed work items example: 1 total: type: integer description: The count of total work items example: 30 AccountUsage: type: object title: Account Usage properties: date: type: string format: date description: The first day of the month for which activity is aggregated. example: '2023-04-21' count: type: integer format: int64 description: The number of days within the month that the account was active in a source. example: 10 SourceUsage: type: object title: Source Usage properties: date: type: string format: date description: The first day of the month for which activity is aggregated. example: '2023-04-21' count: type: number format: float description: The average number of days that accounts were active within this source, for the month. example: 10.45 SourceUsageStatus: type: object title: Source Usage Status properties: status: type: string description: |- Source Usage Status. Acceptable values are: - COMPLETE - This status means that an activity data source has been setup and usage insights are available for the source. - INCOMPLETE - This status means that an activity data source has not been setup and usage insights are not available for the source. example: COMPLETE enum: - COMPLETE - INCOMPLETE BrandingItem: type: object title: Branding Item properties: name: type: string description: name of branding item example: default productName: type: string description: product name example: product name nullable: true actionButtonColor: type: string description: hex value of color for action button example: 0074D9 nullable: true activeLinkColor: type: string description: hex value of color for link example: '011E69' nullable: true navigationColor: type: string description: hex value of color for navigation bar example: '011E69' nullable: true emailFromAddress: type: string description: email from address example: no-reply@sailpoint.com nullable: true standardLogoURL: type: string description: url to standard logo example: '' nullable: true loginInformationalMessage: type: string description: login information message example: '' nullable: true BrandingItemCreate: type: object title: Branding Item Create required: - name - productName properties: name: type: string description: name of branding item example: custom-branding-item productName: type: string description: product name example: product name nullable: true actionButtonColor: type: string description: hex value of color for action button example: 0074D9 activeLinkColor: type: string description: hex value of color for link example: '011E69' navigationColor: type: string description: hex value of color for navigation bar example: '011E69' emailFromAddress: type: string description: email from address example: no-reply@sailpoint.com loginInformationalMessage: type: string description: login information message example: '' fileStandard: type: string format: binary description: png file with logo example: \x00\x00\x00\x02 OwnerReference: type: object nullable: false description: Owner of the object. properties: type: type: string enum: - IDENTITY description: Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result. example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. example: support AccessProfileSourceRef: type: object properties: id: type: string description: ID of the source the access profile is associated with. example: 2c91809773dee3610173fdb0b6061ef4 type: type: string enum: - SOURCE description: Source's DTO type. example: SOURCE name: type: string description: Source name. example: ODS-AD-SOURCE EntitlementRef: type: object description: Entitlement including a specific set of access. properties: type: type: string description: Entitlement's DTO type. enum: - ENTITLEMENT example: ENTITLEMENT id: type: string description: Entitlement's ID. example: 2c91809773dee32014e13e122092014e name: type: string nullable: true description: Entitlement's display name. example: CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local AccessDuration: type: object nullable: true properties: value: type: integer description: The numeric value representing the amount of time, which is defined in the **timeUnit**. format: int32 example: 6 timeUnit: type: string description: The unit of time that corresponds to the **value**. It defines the scale of the time period. enum: - HOURS - DAYS - WEEKS - MONTHS example: MONTHS AccessProfileApprovalScheme: type: object properties: approverType: type: string enum: - APP_OWNER - OWNER - SOURCE_OWNER - MANAGER - GOVERNANCE_GROUP - WORKFLOW description: |- Describes the individual or group that is responsible for an approval step. These are the possible values: **APP_OWNER**: The owner of the Application **OWNER**: Owner of the associated Access Profile or Role **SOURCE_OWNER**: Owner of the Source associated with an Access Profile **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field **WORKFLOW**: A Workflow, the ID of which is specified by the **approverId** field. Workflow is exclusive to other types of approvals and License required. example: GOVERNANCE_GROUP approverId: type: string nullable: true description: Id of the specific approver, used when approverType is GOVERNANCE_GROUP or WORKFLOW. example: 46c79819-a69f-49a2-becb-12c971ae66c6 Requestability: type: object nullable: true properties: commentsRequired: type: boolean description: Indicates whether the requester of the containing object must provide comments justifying the request. example: true nullable: true default: false denialCommentsRequired: type: boolean description: Indicates whether an approver must provide comments when denying the request. example: true nullable: true default: false reauthorizationRequired: type: boolean description: Indicates whether reauthorization is required for the request. example: true nullable: true default: false requireEndDate: type: boolean description: Indicates whether the requester of the containing object must provide access end date. example: true nullable: true default: false maxPermittedAccessDuration: $ref: '#/components/schemas/AccessDuration' nullable: true approvalSchemes: type: array nullable: true description: List describing the steps involved in approving the request. items: $ref: '#/components/schemas/AccessProfileApprovalScheme' Revocability: type: object nullable: true properties: approvalSchemes: type: array nullable: true description: List describing the steps involved in approving the revocation request. items: $ref: '#/components/schemas/AccessProfileApprovalScheme' AttributeValueDTO: type: object properties: value: type: string description: Technical name of the Attribute value. This is unique and cannot be changed after creation. example: public name: type: string description: The display name of the Attribute value. example: Public status: type: string description: The status of the Attribute value. example: active AttributeDTO: type: object properties: key: type: string description: Technical name of the Attribute. This is unique and cannot be changed after creation. example: iscPrivacy name: type: string description: The display name of the key. example: Privacy multiselect: type: boolean default: false description: Indicates whether the attribute can have multiple values. example: false status: type: string description: The status of the Attribute. example: active type: type: string description: The type of the Attribute. This can be either "custom" or "governance". example: governance objectTypes: type: array items: type: string nullable: true description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported. example: - entitlement description: type: string description: The description of the Attribute. example: Specifies the level of privacy associated with an access item. values: type: array nullable: true items: $ref: '#/components/schemas/AttributeValueDTO' AttributeDTOList: type: object properties: attributes: type: array nullable: true items: $ref: '#/components/schemas/AttributeDTO' example: - key: iscPrivacy name: Privacy multiselect: false status: active type: governance objectTypes: - all description: Specifies the level of privacy associated with an access item. values: - value: public name: Public status: active ProvisioningCriteriaOperation: type: string enum: - EQUALS - NOT_EQUALS - CONTAINS - HAS - AND - OR description: Supported operations on `ProvisioningCriteria`. example: EQUALS ProvisioningCriteriaLevel3: type: object description: Defines matching criteria for an account to be provisioned with a specific access profile. properties: operation: $ref: '#/components/schemas/ProvisioningCriteriaOperation' attribute: type: string description: Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. example: email nullable: true value: type: string nullable: true description: String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. example: carlee.cert1c9f9b6fd@mailinator.com children: type: string nullable: true description: Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. example: null ProvisioningCriteriaLevel2: type: object description: Defines matching criteria for an account to be provisioned with a specific access profile. properties: operation: $ref: '#/components/schemas/ProvisioningCriteriaOperation' attribute: type: string description: Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. example: email nullable: true value: type: string nullable: true description: String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/ProvisioningCriteriaLevel3' nullable: true description: Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. example: null ProvisioningCriteriaLevel1: type: object nullable: true description: Defines matching criteria for an account to be provisioned with a specific access profile. properties: operation: $ref: '#/components/schemas/ProvisioningCriteriaOperation' attribute: type: string description: Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. example: email nullable: true value: type: string nullable: true description: String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/ProvisioningCriteriaLevel2' nullable: true description: Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. example: null AccessProfile: type: object description: Access profile. properties: id: type: string description: Access profile ID. example: 2c91808a7190d06e01719938fcd20792 readOnly: true name: type: string description: Access profile name. example: Employee-database-read-write description: type: string nullable: true description: Access profile description. example: Collection of entitlements to read/write the employee database created: type: string description: Date and time when the access profile was created. format: date-time example: '2021-03-01T22:32:58.104Z' readOnly: true modified: type: string description: Date and time when the access profile was last modified. format: date-time example: '2021-03-02T20:22:28.104Z' readOnly: true enabled: type: boolean default: false description: Indicates whether the access profile is enabled. If it's enabled, you must include at least one entitlement. example: true owner: $ref: '#/components/schemas/OwnerReference' description: Access profile owner. source: $ref: '#/components/schemas/AccessProfileSourceRef' entitlements: type: array nullable: true description: List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement. items: $ref: '#/components/schemas/EntitlementRef' requestable: type: boolean default: true description: Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error. example: true accessRequestConfig: $ref: '#/components/schemas/Requestability' nullable: true description: Access request configuration for the object. revocationRequestConfig: $ref: '#/components/schemas/Revocability' nullable: true description: Revocation request configuration for the object. segments: type: array nullable: true items: type: string description: List of segment IDs, if any, that the access profile is assigned to. example: - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 - 29cb6c06-1da8-43ea-8be4-b3125f248f2a accessModelMetadata: $ref: '#/components/schemas/AttributeDTOList' description: This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result. example: - key: iscFederalClassifications name: Federal Classifications multiselect: true status: active type: governance objectTypes: - general description: Classification used by government organizations to specify the level of confidentiality for an access item. values: - value: secret name: Secret status: active provisioningCriteria: $ref: '#/components/schemas/ProvisioningCriteriaLevel1' description: When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile. nullable: true example: operation: OR children: - operation: AND children: - attribute: dn operation: CONTAINS value: useast - attribute: manager operation: CONTAINS value: Scott.Clark - operation: AND children: - attribute: dn operation: EQUALS value: Gibson - attribute: telephoneNumber operation: CONTAINS value: '512' additionalOwners: type: array nullable: true items: $ref: '#/components/schemas/OwnerReference' required: - owner - name - source LocaleOrigin: type: string enum: - DEFAULT - REQUEST - null description: An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice. example: DEFAULT nullable: true ErrorMessageDto: type: object title: Error Message Dto properties: locale: type: string description: The locale for the message text, a BCP 47 language tag. example: en-US nullable: true localeOrigin: $ref: '#/components/schemas/LocaleOrigin' text: type: string description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. ErrorResponseDto: type: object title: Error Response Dto properties: detailCode: type: string description: Fine-grained error code providing more detail of the error. example: 400.1 Bad Request Content trackingId: type: string description: Unique tracking id for the error. example: e7eab60924f64aa284175b9fa3309599 messages: type: array description: Generic localized reason for error items: $ref: '#/components/schemas/ErrorMessageDto' causes: type: array description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field items: $ref: '#/components/schemas/ErrorMessageDto' JsonPatchOperation: type: object title: Json Patch Operation description: A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902) required: - op - path properties: op: type: string description: The operation to be performed enum: - add - remove - replace - move - copy - test example: replace path: type: string description: A string JSON Pointer representing the target path to an element to be affected by the operation example: /description value: oneOf: - type: string example: New description title: string - type: boolean example: true title: boolean - type: integer example: 300 title: integer - type: object title: object example: attributes: name: philip - type: array title: array items: anyOf: - type: string - type: integer - type: object example: - '001' - '002' - '003' description: The value to be used for the operation, required for "add" and "replace" operations example: New description AccessProfileBulkDeleteRequest: type: object properties: accessProfileIds: description: List of IDs of Access Profiles to be deleted. type: array items: type: string example: - 2c9180847812e0b1017817051919ecca - 2c9180887812e0b201781e129f151816 bestEffortOnly: description: If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use. type: boolean example: true AccessProfileUsage: type: object properties: accessProfileId: type: string description: ID of the Access Profile that is in use example: 2c91808876438bbb017668c21919ecca usedBy: type: array description: List of references to objects which are using the indicated Access Profile items: type: object description: Role using the access profile. properties: type: type: string description: DTO type of role using the access profile. enum: - ROLE example: ROLE id: type: string description: ID of role using the access profile. example: 2c8180857a9b3da0017aa03418480f9d name: type: string description: Display name of role using the access profile. example: Manager Role AccessProfileBulkDeleteResponse: type: object properties: taskId: type: string description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. example: 2c9180867817ac4d017817c491119a20 pending: type: array description: List of IDs of Access Profiles which are pending deletion. items: type: string example: - 2c91808876438bbb017668c21919ecca - 2c91808876438bb201766e129f151816 inUse: type: array description: List of usages of Access Profiles targeted for deletion. items: $ref: '#/components/schemas/AccessProfileUsage' AccessModelMetadata: type: object title: Access Model Metadata description: Metadata that describes an access item properties: key: type: string description: Unique identifier for the metadata type example: iscCsp name: type: string description: Human readable name of the metadata type example: CSP multiselect: type: boolean default: false example: true description: Allows selecting multiple values status: type: string description: The state of the metadata item example: active type: type: string description: The type of the metadata item example: governance objectTypes: type: array description: The types of objects items: type: string example: general description: type: string description: Describes the metadata item example: Indicates the type of deployment environment of an access item. values: type: array description: The value to assign to the metadata item items: type: object description: An individual value to assign to the metadata item properties: value: type: string description: The value to assign to the metdata item example: development name: type: string description: Display name of the value example: Development status: type: string description: The status of the individual value example: active PermissionDto: type: object title: Permission Dto description: Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers. properties: rights: type: array description: All the rights (e.g. actions) that this permission allows on the target readOnly: true items: type: string example: SELECT target: type: string description: The target the permission would grants rights on. readOnly: true example: SYS.GV_$TRANSACTION Entitlement: type: object title: Entitlement properties: id: type: string description: The entitlement id example: 2c91808874ff91550175097daaec161c name: type: string description: The entitlement name example: LauncherTest2 attribute: type: string description: The entitlement attribute name example: memberOf value: type: string description: The value of the entitlement example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local sourceSchemaObjectType: type: string description: The object type of the entitlement from the source schema example: group description: type: string description: The description of the entitlement example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local nullable: true privileged: type: boolean description: True if the entitlement is privileged example: true cloudGoverned: type: boolean description: True if the entitlement is cloud governed example: true requestable: type: boolean description: True if the entitlement is able to be directly requested example: true default: false owner: type: object description: The identity that owns the entitlement nullable: true properties: id: type: string description: The identity ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string enum: - IDENTITY description: The type of object example: IDENTITY name: type: string description: The display name of the identity example: john.doe manuallyUpdatedFields: type: object description: A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated. nullable: true additionalProperties: true example: DISPLAY_NAME: true DESCRIPTION: true accessModelMetadata: type: object description: Additional data to classify the entitlement properties: attributes: type: array items: $ref: '#/components/schemas/AccessModelMetadata' created: type: string description: Time when the entitlement was created format: date-time example: '2020-10-08T18:33:52.029Z' modified: type: string description: Time when the entitlement was last modified format: date-time example: '2020-10-08T18:33:52.029Z' source: type: object properties: id: type: string description: The source ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string description: The source type, will always be "SOURCE" example: SOURCE name: type: string description: The source name example: ODS-AD-Source attributes: type: object description: A map of free-form key-value pairs from the source system example: fieldName: fieldValue additionalProperties: true segments: type: array items: type: string nullable: true description: List of IDs of segments, if any, to which this Entitlement is assigned. example: - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 - 29cb6c06-1da8-43ea-8be4-b3125f248f2a directPermissions: type: array items: $ref: '#/components/schemas/PermissionDto' AccessRequestType: type: string enum: - GRANT_ACCESS - REVOKE_ACCESS - MODIFY_ACCESS - null description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. MODIFY_ACCESS type is used for updating access expiration dates or other access modifications. example: GRANT_ACCESS nullable: true AccountItemRef: type: object properties: accountUuid: type: string nullable: true description: The uuid for the account, available under the 'objectguid' attribute example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}' nativeIdentity: type: string nullable: false description: The 'distinguishedName' attribute for the account example: CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local SourceItemRef: type: object properties: sourceId: type: string nullable: true description: The id for the source on which account selections are made example: cb89bc2f1ee6445fbea12224c526ba3a accounts: description: A list of account selections on the source. Currently, only one selection per source is supported. type: array items: $ref: '#/components/schemas/AccountItemRef' nullable: true RequestedItemDtoRef: type: object properties: type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of the item being requested. example: ACCESS_PROFILE id: type: string description: ID of Role, Access Profile or Entitlement being requested. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: | Comment provided by requester. * Comment is required when the request is of type Revoke Access. example: Requesting access profile for John Doe clientMetadata: type: object additionalProperties: type: string example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. removeDate: type: string description: | The date and time the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date-time in the future. * The current SLA for the deprovisioning is 24 hours. * This date-time can be used to change the duration of an existing access item assignment for the specified identity. A GRANT_ACCESS request can extend duration or even remove an expiration date, and either a GRANT_ACCESS or REVOKE_ACCESS request can reduce duration or add an expiration date where one has not previously been present. You can change the expiration date in requests for yourself or others you are authorized to request for. format: date-time example: '2020-07-11T21:23:15.000Z' accountSelection: type: array items: $ref: '#/components/schemas/SourceItemRef' nullable: true description: | The accounts where the access item will be provisioned to * Includes selections performed by the user in the event of multiple accounts existing on the same source * Also includes details for sources where user only has one account required: - id - type RequestedForDtoRef: type: object properties: identityId: type: string nullable: false description: The identity id for which the access is requested example: cb89bc2f1ee6445fbea12224c526ba3a requestedItems: description: the details for the access items that are requested for the identity type: array items: $ref: '#/components/schemas/RequestedItemDtoRef' nullable: false required: - identityId - requestedItems RequestedItemDetails: type: object properties: type: type: string description: The type of access item requested. enum: - ACCESS_PROFILE - ENTITLEMENT - ROLE example: ENTITLEMENT id: type: string description: The id of the access item requested. example: 779c6fd7171540bba1184e5946112c28 AccessRequestTracking: type: object properties: requestedFor: type: string description: The identity id in which the access request is for. example: 2c918084660f45d6016617daa9210584 requestedItemsDetails: type: array description: The details of the item requested. example: |- { "type": "ENTITLEMENT", "id": "779c6fd7171540bba1184e5946112c28" } items: $ref: '#/components/schemas/RequestedItemDetails' attributesHash: type: integer format: int32 description: a hash representation of the access requested, useful for longer term tracking client side. example: -1928438224 accessRequestIds: type: array items: type: string description: a list of access request identifiers, generally only one will be populated, but high volume requested may result in multiple ids. example: - 5d3118c518a44ec7805450d53479ccdb AccessRequestResponse: type: object properties: newRequests: description: A list of new access request tracking data mapped to the values requested. type: array items: $ref: '#/components/schemas/AccessRequestTracking' example: - requestedFor: 899fd612ecfc4cf3bf48f14d0afdef89 requestedItemsDetails: - type: ENTITLEMENT id: 779c6fd7171540bba1184e5946112c28 attributesHash: -1928438224 accessRequestIds: - 5d3118c518a44ec7805450d53479ccdb existingRequests: description: A list of existing access request tracking data mapped to the values requested. This indicates access has already been requested for this item. type: array items: $ref: '#/components/schemas/AccessRequestTracking' example: - requestedFor: 899fd612ecfc4cf3bf48f14d0afdef89 requestedItemsDetails: - type: ROLE id: 779c6fd7171540bbc1184e5946112c28 attributesHash: 2843118224 accessRequestIds: - 5d3118c518a44ec7805450d53479ccdc CancelAccessRequest: type: object title: Cancel Access Request description: Request body payload for cancel access request endpoint. required: - accountActivityId - comment properties: accountActivityId: type: string description: This refers to the identityRequestId. To successfully cancel an access request, you must provide the identityRequestId. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: Reason for cancelling the pending access request. example: I requested this role by mistake. RequestOnBehalfOfConfig: type: object title: Request On Behalf Of Config properties: allowRequestOnBehalfOfAnyoneByAnyone: type: boolean description: If this is true, anyone can request access for anyone. default: false example: true allowRequestOnBehalfOfEmployeeByManager: type: boolean description: If this is true, a manager can request access for his or her direct reports. default: false example: true ApprovalReminderAndEscalationConfig: type: object title: Approval Reminder And Escalation Config properties: daysUntilEscalation: type: integer description: Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation. format: int32 example: 0 nullable: true daysBetweenReminders: type: integer description: Number of days to wait between reminder notifications. format: int32 example: 0 nullable: true maxReminders: type: integer description: Maximum number of reminder notification to send to the reviewer before approval escalation. format: int32 minimum: 1 example: 1 nullable: true fallbackApproverRef: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' EntitlementRequestConfig: type: object title: Entitlement Request Config properties: allowEntitlementRequest: type: boolean description: If this is true, entitlement requests are allowed. default: false example: true requestCommentsRequired: type: boolean description: If this is true, comments are required to submit entitlement requests. default: false example: false deniedCommentsRequired: type: boolean description: If this is true, comments are required to reject entitlement requests. default: false example: false grantRequestApprovalSchemes: type: string description: | Approval schemes for granting entitlement request. This can be empty if no approval is needed. Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "`workgroup:{id}`". You can use multiple governance groups (workgroups). default: sourceOwner nullable: true example: entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584 AccessRequestConfig: type: object title: Access Request Config properties: approvalsMustBeExternal: type: boolean description: If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn't an org admin. default: false example: true autoApprovalEnabled: type: boolean description: If this is true and the requester and reviewer are the same, the request is automatically approved. default: false example: true reauthorizationEnabled: type: boolean description: If this is true, reauthorization will be enforced for appropriately configured access items. Enablement of this feature is currently in a limited state. default: false example: true requestOnBehalfOfConfig: $ref: '#/components/schemas/RequestOnBehalfOfConfig' description: Request On Behalf Of configuration. approvalReminderAndEscalationConfig: $ref: '#/components/schemas/ApprovalReminderAndEscalationConfig' description: Approval reminder and escalation configuration. entitlementRequestConfig: $ref: '#/components/schemas/EntitlementRequestConfig' description: Entitlement request configuration. OwnerDto: type: object title: Owner Dto description: Owner's identity. properties: type: type: string description: Owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. example: Support CancelledRequestDetails: type: object title: Cancelled Request Details properties: comment: type: string description: Comment made by the owner when cancelling the associated request. example: This request must be cancelled. owner: $ref: '#/components/schemas/OwnerDto' modified: type: string format: date-time description: Date comment was added by the owner when cancelling the associated request. example: '2019-12-20T09:17:12.192Z' description: Provides additional details for a request that has been cancelled. ErrorMessageDtoList: type: array items: $ref: '#/components/schemas/ErrorMessageDto' RequestedItemStatusRequestState: type: string enum: - EXECUTING - REQUEST_COMPLETED - CANCELLED - TERMINATED - PROVISIONING_VERIFICATION_PENDING - REJECTED - PROVISIONING_FAILED - NOT_ALL_ITEMS_PROVISIONED - ERROR description: |- Indicates the state of an access request: * EXECUTING: The request is executing, which indicates the system is doing some processing. * REQUEST_COMPLETED: Indicates the request has been completed. * CANCELLED: The request was cancelled with no user input. * TERMINATED: The request has been terminated before it was able to complete. * PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified. * REJECTED: The request was rejected. * PROVISIONING_FAILED: The request has failed to complete. * NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes. * ERROR: An error occurred during request processing. example: EXECUTING AccessItemReviewedBy: type: object title: Access Item Reviewed By description: Identity who reviewed the access item request. properties: type: type: string description: DTO type of identity who reviewed the access item request. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity who reviewed the access item request. example: 2c3780a46faadee4016fb4e018c20652 name: type: string description: Human-readable display name of identity who reviewed the access item request. example: Allen Albertson ManualWorkItemState: type: string enum: - PENDING - APPROVED - REJECTED - EXPIRED - CANCELLED - ARCHIVED description: |- Indicates the state of the request processing for this item: * PENDING: The request for this item is awaiting processing. * APPROVED: The request for this item has been approved. * REJECTED: The request for this item was rejected. * EXPIRED: The request for this item expired with no action taken. * CANCELLED: The request for this item was cancelled with no user action. * ARCHIVED: The request for this item has been archived after completion. example: PENDING ApprovalScheme: type: string enum: - APP_OWNER - SOURCE_OWNER - MANAGER - ROLE_OWNER - ACCESS_PROFILE_OWNER - ENTITLEMENT_OWNER - GOVERNANCE_GROUP description: Describes the individual or group that is responsible for an approval step. example: MANAGER ApprovalStatusDto: type: object title: Approval Status Dto properties: approvalId: type: string description: Unique identifier for the approval. example: 2c9180877b2b6ea4017b2c545f971429 nullable: true forwarded: type: boolean default: false description: True if the request for this item was forwarded from one owner to another. example: false originalOwner: type: object description: Identity of orginal approval owner. properties: type: type: string description: DTO type of original approval owner's identity. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: ID of original approval owner's identity. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Display name of original approval owner. example: Michael Michaels currentOwner: allOf: - $ref: '#/components/schemas/AccessItemReviewedBy' - nullable: true modified: type: string format: date-time description: Time at which item was modified. example: '2019-08-23T18:52:57.398Z' nullable: true status: $ref: '#/components/schemas/ManualWorkItemState' scheme: $ref: '#/components/schemas/ApprovalScheme' errorMessages: type: array items: $ref: '#/components/schemas/ErrorMessageDto' description: If the request failed, includes any error messages that were generated. nullable: true comment: type: string description: Comment, if any, provided by the approver. example: I approve this request nullable: true removeDate: type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' nullable: true ReassignmentType: type: string enum: - MANUAL_REASSIGNMENT - AUTOMATIC_REASSIGNMENT - AUTO_ESCALATION - SELF_REVIEW_DELEGATION description: |- The approval reassignment type. * MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's. * AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time. * AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html). * SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval). example: AUTOMATIC_REASSIGNMENT ApprovalForwardHistory: type: object title: Approval Forward History properties: oldApproverName: type: string description: Display name of approver from whom the approval was forwarded. example: Frank Mir newApproverName: type: string description: Display name of approver to whom the approval was forwarded. example: Al Volta comment: type: string nullable: true description: Comment made while forwarding. example: Forwarding from Frank to Al modified: type: string format: date-time description: Time at which approval was forwarded. example: '2019-08-23T18:52:57.398Z' forwarderName: type: string nullable: true description: Display name of forwarder who forwarded the approval. example: William Wilson reassignmentType: $ref: '#/components/schemas/ReassignmentType' description: |- The approval reassignment type. * MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's. * AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time. * AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html). * SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval). example: AUTOMATIC_REASSIGNMENT ManualWorkItemDetails: type: object title: Manual Work Item Details properties: forwarded: type: boolean default: false description: True if the request for this item was forwarded from one owner to another. example: true originalOwner: type: object nullable: true description: Identity of original work item owner, if the work item has been forwarded. properties: type: type: string description: DTO type of original work item owner's identity. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: ID of original work item owner's identity. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Display name of original work item owner. example: Michael Michaels currentOwner: type: object description: Identity of current work item owner. nullable: true properties: type: type: string description: DTO type of current work item owner's identity. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: ID of current work item owner's identity. example: 2c3780a46faadee4016fb4e018c20652 name: type: string description: Display name of current work item owner. example: Allen Albertson modified: type: string format: date-time description: Time at which item was modified. example: '2019-08-23T18:52:57.398Z' status: $ref: '#/components/schemas/ManualWorkItemState' forwardHistory: type: array nullable: true items: $ref: '#/components/schemas/ApprovalForwardHistory' description: The history of approval forward action. AccessItemRequester: type: object title: Access Item Requester description: Access item requester's identity. properties: type: type: string description: Access item requester's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Access item requester's identity ID. example: 2c7180a46faadee4016fb4e018c20648 name: type: string description: Access item owner's human-readable display name. example: William Wilson CommentDto: type: object title: Comment Dto properties: comment: type: string nullable: true description: Comment content. example: This is a comment. created: type: string format: date-time description: Date and time comment was created. example: '2017-07-11T18:45:37.098Z' author: type: object readOnly: true description: Author of the comment properties: type: type: string enum: - IDENTITY example: IDENTITY description: The type of object id: type: string description: The unique ID of the object example: 2c9180847e25f377017e2ae8cae4650b name: type: string description: The display name of the object example: john.doe SodPolicyDto: type: object title: Sod Policy Dto description: SOD policy. properties: type: type: string description: SOD policy DTO type. enum: - SOD_POLICY example: SOD_POLICY id: type: string description: SOD policy ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: type: string description: SOD policy display name. example: Business SOD Policy DtoType: type: string enum: - ACCOUNT_CORRELATION_CONFIG - ACCESS_PROFILE - ACCESS_REQUEST_APPROVAL - ACCOUNT - APPLICATION - CAMPAIGN - CAMPAIGN_FILTER - CERTIFICATION - CLUSTER - CONNECTOR_SCHEMA - ENTITLEMENT - GOVERNANCE_GROUP - IDENTITY - IDENTITY_PROFILE - IDENTITY_REQUEST - MACHINE_IDENTITY - LIFECYCLE_STATE - PASSWORD_POLICY - ROLE - RULE - SOD_POLICY - SOURCE - TAG - TAG_CATEGORY - TASK_RESULT - REPORT_RESULT - SOD_VIOLATION - ACCOUNT_ACTIVITY - WORKGROUP description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. example: IDENTITY SodExemptCriteria: description: Details of the Entitlement criteria type: object title: Sod Exempt Criteria properties: existing: type: boolean default: false example: true description: If the entitlement already belonged to the user or not. type: $ref: '#/components/schemas/DtoType' example: ENTITLEMENT id: type: string description: Entitlement ID example: 2c918085771e9d3301773b3cb66f6398 name: type: string description: Entitlement name example: My HR Entitlement SodViolationContext: description: The contextual information of the violated criteria type: object title: Sod Violation Context properties: policy: $ref: '#/components/schemas/SodPolicyDto' conflictingAccessCriteria: type: object description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. properties: leftCriteria: type: object properties: criteriaList: type: array items: $ref: '#/components/schemas/SodExemptCriteria' rightCriteria: type: object properties: criteriaList: type: array items: $ref: '#/components/schemas/SodExemptCriteria' SodViolationCheckResult: description: The inner object representing the completed SOD Violation check type: object title: Sod Violation Check Result properties: message: $ref: '#/components/schemas/ErrorMessageDto' description: If the request failed, this includes any error message that was generated. example: - locale: en-US localeOrigin: DEFAULT text: An error has occurred during the SOD violation check clientMetadata: type: object nullable: true additionalProperties: type: string description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 violationContexts: type: array nullable: true items: $ref: '#/components/schemas/SodViolationContext' violatedPolicies: type: array nullable: true description: A list of the SOD policies that were violated. items: $ref: '#/components/schemas/SodPolicyDto' SodViolationContextCheckCompleted: description: An object referencing a completed SOD violation check type: object title: Sod Violation Context Check Completed nullable: true properties: state: type: string enum: - SUCCESS - ERROR - null description: The status of SOD violation check example: SUCCESS nullable: true uuid: description: The id of the Violation check event type: string example: f73d16e9-a038-46c5-b217-1246e15fdbdd nullable: true violationCheckResult: $ref: '#/components/schemas/SodViolationCheckResult' ProvisioningDetails: type: object title: Provisioning Details properties: orderedSubPhaseReferences: type: string description: Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase. example: manualWorkItemDetails description: Provides additional details about provisioning for this request. PreApprovalTriggerDetails: type: object title: Pre Approval Trigger Details properties: comment: type: string description: Comment left for the pre-approval decision example: Access is Approved reviewer: type: string description: The reviewer of the pre-approval decision example: John Doe decision: type: string enum: - APPROVED - REJECTED description: The decision of the pre-approval trigger example: APPROVED description: Provides additional details about the pre-approval trigger for this request. AccessRequestPhases: type: object title: Access Request Phases properties: started: type: string description: The time that this phase started. format: date-time example: '2020-07-11T00:00:00Z' finished: type: string description: The time that this phase finished. format: date-time example: '2020-07-12T00:00:00Z' nullable: true name: type: string description: The name of this phase. example: APPROVAL_PHASE state: type: string enum: - PENDING - EXECUTING - COMPLETED - CANCELLED - NOT_EXECUTED description: The state of this phase. example: COMPLETED result: type: string enum: - SUCCESSFUL - FAILED - null description: The state of this phase. example: SUCCESSFUL nullable: true phaseReference: type: string description: A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items. example: approvalDetails nullable: true description: Provides additional details about this access request phase. RequestedAccountRef: type: object title: Requested Account Ref properties: name: type: string description: Display name of the account for the user example: Glen.067da3248e914 type: description: The type of item $ref: '#/components/schemas/DtoType' example: ACCOUNT accountUuid: type: string nullable: true description: The uuid for the account example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}' accountId: type: string nullable: true description: The native identity for the account example: CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local sourceName: type: string nullable: false description: Display name of the source for the account example: Multi Account AD source name RequestedItemStatus: type: object title: Requested Item Status properties: id: type: string description: The ID of the access request. example: 2c9180926cbfbddd016cbfc7c3b10010 name: type: string description: Human-readable display name of the item being requested. example: AccessProfile1 nullable: true type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT - null description: Type of requested object. example: ACCESS_PROFILE nullable: true cancelledRequestDetails: allOf: - $ref: '#/components/schemas/CancelledRequestDetails' - nullable: true errorMessages: type: array nullable: true items: $ref: '#/components/schemas/ErrorMessageDtoList' description: List of list of localized error messages, if any, encountered during the approval/provisioning process. state: $ref: '#/components/schemas/RequestedItemStatusRequestState' approvalDetails: type: array items: $ref: '#/components/schemas/ApprovalStatusDto' description: Approval details for each item. approvalIds: type: array items: type: string description: List of approval IDs associated with the request. example: - 85f0cf482dd44327b593624c07906c21 - fa57e1bfa36f41ee85e33ee59fcbeac5 nullable: true manualWorkItemDetails: type: array nullable: true items: $ref: '#/components/schemas/ManualWorkItemDetails' description: Manual work items created for provisioning the item. accountActivityItemId: type: string description: Id of associated account activity item. example: 2c9180926cbfbddd016cbfc7c3b10010 requestType: $ref: '#/components/schemas/AccessRequestType' modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' nullable: true created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' requester: $ref: '#/components/schemas/AccessItemRequester' requestedFor: type: object description: Identity access was requested for. properties: type: type: string enum: - IDENTITY description: Type of the object to which this reference applies example: IDENTITY id: type: string description: ID of the object to which this reference applies example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable display name of the object to which this reference applies example: William Wilson requesterComment: allOf: - $ref: '#/components/schemas/CommentDto' - nullable: true description: The requester's comment. sodViolationContext: allOf: - $ref: '#/components/schemas/SodViolationContextCheckCompleted' - nullable: true description: The details of the SOD violations for the associated approval. provisioningDetails: allOf: - $ref: '#/components/schemas/ProvisioningDetails' - nullable: true preApprovalTriggerDetails: allOf: - $ref: '#/components/schemas/PreApprovalTriggerDetails' - nullable: true accessRequestPhases: type: array items: $ref: '#/components/schemas/AccessRequestPhases' description: A list of Phases that the Access Request has gone through in order, to help determine the status of the request. nullable: true description: type: string description: Description associated to the requested object. example: This is the Engineering role that engineers are granted. nullable: true removeDate: type: string format: date-time nullable: true description: When the role access is scheduled for removal. example: '2019-10-23T00:00:00.000Z' cancelable: type: boolean default: false description: True if the request can be canceled. example: true accessRequestId: type: string description: This is the account activity id. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request example: key1: value1 key2: value2 requestedAccounts: nullable: true type: array items: $ref: '#/components/schemas/RequestedAccountRef' description: The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources. privilegeLevel: nullable: true type: string description: The privilege level of the requested access item, if applicable. example: High AccessItemRequestedFor: type: object title: Access Item Requested For description: Identity the access item is requested for. properties: type: type: string description: DTO type of identity the access item is requested for. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity the access item is requested for. example: 2c4180a46faadee4016fb4e018c20626 name: type: string description: Human-readable display name of identity the access item is requested for. example: Robert Robinson RequestableObjectReference: type: object title: Requestable Object Reference properties: id: type: string description: Id of the object. example: 2c9180835d2e5168015d32f890ca1581 name: type: string description: Name of the object. example: Applied Research Access description: type: string description: Description of the object. example: Access to research information, lab results, and schematics type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: Type of the object. example: ROLE PendingApprovalAction: type: string enum: - APPROVED - REJECTED - FORWARDED description: Enum represents action that is being processed on an approval. example: APPROVED PendingApproval: type: object title: Pending Approval properties: id: type: string description: The approval id. example: id12345 accessRequestId: type: string description: This is the access request id. example: 2b838de9db9babcfe646d4f274ad4238 name: type: string description: The name of the approval. example: aName created: type: string format: date-time description: When the approval was created. example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: When the approval was modified last time. example: '2018-07-25T20:22:28.104Z' requestCreated: type: string format: date-time description: When the access-request was created. example: '2017-07-11T18:45:35.098Z' requestType: $ref: '#/components/schemas/AccessRequestType' description: If the access-request was for granting or revoking access. requester: $ref: '#/components/schemas/AccessItemRequester' requestedFor: $ref: '#/components/schemas/AccessItemRequestedFor' owner: type: object description: Access item owner's identity. properties: type: type: string description: Access item owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Access item owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Access item owner's human-readable display name. example: Support requestedObject: $ref: '#/components/schemas/RequestableObjectReference' description: The requested access item. requesterComment: $ref: '#/components/schemas/CommentDto' description: The requester's comment. previousReviewersComments: type: array items: $ref: '#/components/schemas/CommentDto' description: The history of the previous reviewers comments. forwardHistory: type: array items: $ref: '#/components/schemas/ApprovalForwardHistory' description: The history of approval forward action. commentRequiredWhenRejected: type: boolean default: false description: When true the rejector has to provide comments when rejecting example: true actionInProcess: $ref: '#/components/schemas/PendingApprovalAction' description: Action that is performed on this approval, and system has not finished performing that action yet. removeDate: type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' removeDateUpdateRequested: type: boolean default: false description: If true, then the request is to change the remove date or sunset date. example: true currentRemoveDate: type: string description: The remove date or sunset date that was assigned at the time of the request. format: date-time example: '2020-07-11T00:00:00Z' sodViolationContext: $ref: '#/components/schemas/SodViolationContextCheckCompleted' description: The details of the SOD violations for the associated approval. clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request item example: customKey1: custom value 1 customKey2: custom value 2 requestedAccounts: nullable: true type: array items: $ref: '#/components/schemas/RequestedAccountRef' description: The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources. privilegeLevel: nullable: true type: string description: The privilege level of the requested access item, if applicable. example: High maxPermittedAccessDuration: nullable: true type: object description: The maximum duration for which the access is permitted. properties: value: type: integer format: int32 description: The numeric value of the duration. example: 5 timeUnit: type: string description: The time unit for the duration. enum: - HOURS - DAYS - WEEKS - MONTHS example: DAYS CompletedApprovalState: type: string enum: - APPROVED - REJECTED description: Enum represents completed approval object's state. example: APPROVED CompletedApproval: type: object title: Completed Approval properties: id: type: string description: The approval id. example: id12345 name: type: string description: The name of the approval. example: aName created: type: string format: date-time description: When the approval was created. example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: When the approval was modified last time. example: '2018-07-25T20:22:28.104Z' requestCreated: type: string format: date-time description: When the access-request was created. example: '2017-07-11T18:45:35.098Z' requestType: $ref: '#/components/schemas/AccessRequestType' description: If the access-request was for granting or revoking access. requester: $ref: '#/components/schemas/AccessItemRequester' requestedFor: type: object description: Identity access was requested for. properties: type: type: string enum: - IDENTITY description: Type of the object to which this reference applies example: IDENTITY id: type: string description: ID of the object to which this reference applies example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable display name of the object to which this reference applies example: William Wilson reviewedBy: $ref: '#/components/schemas/AccessItemReviewedBy' owner: $ref: '#/components/schemas/OwnerDto' requestedObject: $ref: '#/components/schemas/RequestableObjectReference' description: The requested access item. requesterComment: allOf: - $ref: '#/components/schemas/CommentDto' - description: The requester's comment. reviewerComment: allOf: - $ref: '#/components/schemas/CommentDto' - description: The approval's reviewer's comment. nullable: true previousReviewersComments: type: array items: $ref: '#/components/schemas/CommentDto' description: The history of the previous reviewers comments. forwardHistory: type: array items: $ref: '#/components/schemas/ApprovalForwardHistory' description: The history of approval forward action. commentRequiredWhenRejected: type: boolean default: false description: When true the rejector has to provide comments when rejecting example: true state: $ref: '#/components/schemas/CompletedApprovalState' description: The final state of the approval removeDate: type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' nullable: true removeDateUpdateRequested: type: boolean default: false description: If true, then the request was to change the remove date or sunset date. example: true currentRemoveDate: type: string description: The remove date or sunset date that was assigned at the time of the request. format: date-time example: '2020-07-11T00:00:00Z' nullable: true sodViolationContext: $ref: '#/components/schemas/SodViolationContextCheckCompleted' description: The details of the SOD violations for the associated approval. preApprovalTriggerResult: nullable: true type: object description: If the access request submitted event trigger is configured and this access request was intercepted by it, then this is the result of the trigger's decision to either approve or deny the request. properties: comment: type: string description: The comment from the trigger example: This request was autoapproved by our automated ETS subscriber decision: $ref: '#/components/schemas/CompletedApprovalState' description: The approval decision of the trigger reviewer: type: string description: The name of the approver example: Automated AR Approval date: type: string format: date-time example: '2022-06-07T19:18:40.748Z' description: The date and time the trigger decided on the request clientMetadata: type: object additionalProperties: type: string description: Arbitrary key-value pairs provided during the request. example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAccounts: nullable: true type: array items: $ref: '#/components/schemas/RequestedAccountRef' description: The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources. privilegeLevel: nullable: true type: string description: The privilege level of the requested access item, if applicable. example: High maxPermittedAccessDuration: nullable: true type: object description: The maximum duration for which the access is permitted. properties: value: type: integer format: int32 description: The numeric value of the duration. example: 5 timeUnit: type: string description: The time unit for the duration. enum: - HOURS - DAYS - WEEKS - MONTHS example: DAYS ForwardApprovalDto: type: object title: Forward Approval Dto required: - newOwnerId - comment properties: newOwnerId: type: string description: The Id of the new owner example: 2c91808568c529c60168cca6f90c1314 minLength: 1 maxLength: 255 comment: type: string description: The comment provided by the forwarder example: 2c91808568c529c60168cca6f90c1313 minLength: 1 maxLength: 255 ApprovalSummary: type: object title: Approval Summary properties: pending: type: integer description: The number of pending access requests approvals. format: int32 example: 0 approved: type: integer description: The number of approved access requests approvals. format: int32 example: 0 rejected: type: integer description: The number of rejected access requests approvals. format: int32 example: 0 BaseCommonDto: type: object title: Base Common Dto required: - name properties: id: description: System-generated unique ID of the Object type: string example: id12345 readOnly: true name: description: Name of the Object type: string example: aName nullable: true created: description: Creation date of the Object type: string example: '2015-05-28T14:07:17Z' format: date-time readOnly: true modified: description: Last modification date of the Object type: string example: '2015-05-28T14:07:17Z' format: date-time readOnly: true Recommendation: type: object title: Recommendation properties: type: type: string enum: - HUMAN - MACHINE description: Recommended type of account. example: MACHINE method: type: string enum: - DISCOVERY - SOURCE - CRITERIA description: Method used to produce the recommendation. DISCOVERY - suggested by AI, SOURCE - the account comes from a source flagged as containing machine accounts, CRITERIA - the account satisfies classification criteria. example: DISCOVERY required: - type - method BaseReferenceDto: type: object title: Base Reference Dto properties: type: $ref: '#/components/schemas/DtoType' description: DTO type id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: William Wilson AccountAttributesCreate: type: object title: Account Attributes Create required: - attributes properties: attributes: description: The schema attribute values for the account type: object required: - sourceId properties: sourceId: type: string description: Target source to create an account example: 34bfcbe116c9407464af37acbaf7a4dc additionalProperties: type: string example: sourceId: 34bfcbe116c9407464af37acbaf7a4dc city: Austin displayName: John Doe userName: jdoe sAMAccountName: jDoe mail: john.doe@sailpoint.com SearchAttributeConfig: type: object title: Search Attribute Config properties: name: type: string description: Name of the new attribute example: newMailAttribute displayName: type: string description: The display name of the new attribute example: New Mail Attribute applicationAttributes: type: object description: Map of application id and their associated attribute. example: 2c91808b79fd2422017a0b35d30f3968: employeeNumber 2c91808b79fd2422017a0b36008f396b: employeeNumber CompletionStatus: nullable: true type: string description: The status after completion. enum: - SUCCESS - FAILURE - INCOMPLETE - PENDING - null example: SUCCESS IdentitySummary: type: object title: Identity Summary nullable: true properties: id: type: string description: ID of this identity summary example: ff80818155fe8c080155fe8d925b0316 name: type: string description: Human-readable display name of identity example: SailPoint Services identityId: type: string description: ID of the identity that this summary represents example: c15b9f5cca5a4e9599eaa0e64fa921bd completed: type: boolean description: Indicates if all access items for this summary have been decided on example: true default: false AccountActivityApprovalStatus: type: string nullable: true enum: - FINISHED - REJECTED - RETURNED - EXPIRED - PENDING - CANCELED - null example: PENDING description: The state of an approval status ProvisioningState: type: string enum: - PENDING - FINISHED - UNVERIFIABLE - COMMITED - FAILED - RETRY description: Provisioning state of an account activity item example: PENDING Comment: type: object title: Comment nullable: true properties: commenterId: type: string description: Id of the identity making the comment example: 2c918084660f45d6016617daa9210584 commenterName: type: string description: Human-readable display name of the identity making the comment example: Adam Kennedy body: type: string description: Content of the comment example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. date: type: string format: date-time description: Date and time comment was made example: '2017-07-11T18:45:37.098Z' AccountActivityItemOperation: type: string nullable: true enum: - ADD - CREATE - MODIFY - DELETE - DISABLE - ENABLE - UNLOCK - LOCK - REMOVE - SET - null description: Represents an operation in an account activity item example: ADD AccountRequestInfo: type: object title: Account Request Info nullable: true properties: requestedObjectId: type: string description: Id of requested object example: 2c91808563ef85690164001c31140c0c requestedObjectName: type: string description: Human-readable name of requested object example: Treasury Analyst requestedObjectType: $ref: '#/components/schemas/RequestableObjectType' description: If an account activity item is associated with an access request, captures details of that request. AccountActivityItem: type: object title: Account Activity Item properties: id: type: string description: Item id example: 48c545831b264409a81befcabb0e3c5a name: type: string description: Human-readable display name of item example: 48c545831b264409a81befcabb0e3c5a requested: type: string format: date-time description: Date and time item was requested example: '2017-07-11T18:45:37.098Z' approvalStatus: $ref: '#/components/schemas/AccountActivityApprovalStatus' provisioningStatus: $ref: '#/components/schemas/ProvisioningState' requesterComment: $ref: '#/components/schemas/Comment' reviewerIdentitySummary: $ref: '#/components/schemas/IdentitySummary' reviewerComment: $ref: '#/components/schemas/Comment' operation: $ref: '#/components/schemas/AccountActivityItemOperation' attribute: type: string description: Attribute to which account activity applies nullable: true example: detectedRoles value: type: string description: Value of attribute nullable: true example: Treasury Analyst [AccessProfile-1529010191212] nativeIdentity: nullable: true type: string description: Native identity in the target system to which the account activity applies example: Sandie.Camero sourceId: type: string description: Id of Source to which account activity applies example: 2c91808363ef85290164000587130c0c accountRequestInfo: $ref: '#/components/schemas/AccountRequestInfo' clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request item example: customKey1: custom value 1 customKey2: custom value 2 removeDate: nullable: true type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' ExecutionStatus: type: string description: The current state of execution. enum: - EXECUTING - VERIFYING - TERMINATED - COMPLETED example: COMPLETED NetworkConfiguration: type: object title: Network Configuration properties: range: type: array description: The collection of ip ranges. items: type: string example: - 1.3.7.2 - 255.255.255.252/30 nullable: true geolocation: type: array description: The collection of country codes. items: type: string example: - CA - FR - HT nullable: true whitelisted: type: boolean description: Denotes whether the provided lists are whitelisted or blacklisted for geo location. default: false example: true LockoutConfiguration: type: object title: Lockout Configuration properties: maximumAttempts: type: integer format: int32 description: The maximum attempts allowed before lockout occurs. example: 5 lockoutDuration: type: integer format: int32 description: The total time in minutes a user will be locked out. example: 15 lockoutWindow: type: integer format: int32 description: A rolling window where authentication attempts in a series count towards the maximum before lockout occurs. example: 5 FederationProtocolDetails: type: object title: Federation Protocol Details properties: role: type: string description: Federation protocol role example: SAML_IDP enum: - SAML_IDP - SAML_SP entityId: type: string description: An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP). example: http://www.okta.com/exkdaruy8Ln5Ry7C54x6 JITConfiguration: type: object title: JIT Configuration properties: enabled: type: boolean description: The indicator for just-in-time provisioning enabled default: false example: false sourceId: type: string description: the sourceId that mapped to just-in-time provisioning configuration example: 2c9180857377ed2901739c12a2da5ac8 sourceAttributeMappings: type: object description: A mapping of identity profile attribute names to SAML assertion attribute names additionalProperties: type: string description: a mapping of JIT source attributes to the SAML assertion attribute example: firstName: okta.firstName lastName: okta.lastName email: okta.email IdpDetails: allOf: - $ref: '#/components/schemas/FederationProtocolDetails' - type: object description: Specification of Identity Provider Details section of Service Provider Config required: - mappingAttribute properties: binding: type: string description: Defines the binding used for the SAML flow. Used with IDP configurations. example: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST authnContext: type: string description: Specifies the SAML authentication method to use. Used with IDP configurations. example: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport logoutUrl: type: string description: The IDP logout URL. Used with IDP configurations. example: https://dev-206445.oktapreview.com/login/signout includeAuthnContext: type: boolean description: Determines if the configured AuthnContext should be used or the default. Used with IDP configurations. default: false example: false nameId: type: string description: The name id format to use. Used with IDP configurations. example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress jitConfiguration: $ref: '#/components/schemas/JITConfiguration' cert: type: string description: The Base64-encoded certificate used by the IDP. Used with IDP configurations. example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----' loginUrlPost: type: string description: The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations. example: https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml loginUrlRedirect: type: string description: The IDP Redirect URL. Used with IDP configurations. example: https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml mappingAttribute: type: string description: Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations. example: email certificateExpirationDate: type: string description: The expiration date extracted from the certificate. example: Fri Mar 08 08:54:24 UTC 2013 certificateName: type: string description: The name extracted from the certificate. example: OU=Conext, O=Surfnet, L=Utrecht, ST=Utrecht, C=NL SpDetails: allOf: - $ref: '#/components/schemas/FederationProtocolDetails' - type: object description: Specification of a Service Provider Details properties: alias: type: string description: Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations. example: acme-sp callbackUrl: type: string description: The allowed callback URL where users will be redirected to after authentication. Used with SP configurations. example: https://example-tenant.identitynow.com/sso/Consumer/metaAlias/example-tenant-sp legacyAcsUrl: type: string description: The legacy ACS URL used for SAML authentication. Used with SP configurations. example: https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp required: - callbackUrl ServiceProviderConfiguration: description: Represents the IdentityNow as Service Provider Configuration allowing customers to log into IDN via an Identity Provider type: object title: Service Provider Configuration properties: enabled: description: This determines whether or not the SAML authentication flow is enabled for an org type: boolean example: true default: false bypassIdp: description: This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP. type: boolean example: true default: false samlConfigurationValid: description: This indicates whether or not the SAML configuration is valid. type: boolean example: true default: false federationProtocolDetails: description: A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer's identity provider and a customer's SailPoint instance (i.e., the service provider). type: array items: anyOf: - $ref: '#/components/schemas/IdpDetails' - $ref: '#/components/schemas/SpDetails' example: - role: SAML_IDP entityId: http://www.okta.com/exktq4o24bmQA4fr60h7 cert: MIIDpDCCAoygAwIBAgIGAYhZ+b29MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0yMDY0NDUxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjMwNTI2MjEzMDU5WhcNMzMwNTI2MjEzMTU5WjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMjA2NDQ1MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvi1+WbF2ceGlLCrLl5PrG1lpj04IsrHX6OE666ObC2WFh+Nxvpxy+Vmzon9c9+akhK3bTv+9ifEoVc6tA1qWuCfXISAn9g81JqI68I1PGUbe6eF8pmOA18rjOrt7x94k4QukpR3+I8DfPJ+TynatltB51laLb8H4jchMafA4rDTjV/ZiYPxV0LMEIbprVyGuvBEhiEWha3wwVdDuJq996okX36YNS8PcGH+5CJ8c3YWZp/wrspgJmfCooMXeV+6zBpZfXqPpMWlUo0gcZqDOFgy3r4vkXehJdVYRlInMfDv04Lvy8VI1YAZClG/duO/6o9YVUFLjD9s+mQfhgaF5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB1CTrA/pTHkarbhMHsdSFAjVoYWwdAfrssG99rIjwwr/CW9tavTC3keaoUmUeddcnLY4V/TfL07+xgQGHCBR88cnzG9h6rC9qWxt6C3nug3YDVQfkdCDgnW9A8QEvLeq/KVLoRccpJNEENb2Y5ESUXHi1+PtjkFBtvfSgZ4eEhVggirL0bJdWVm700hCnjb2iCGSbSX7WflfPi0GSmjht983caG9OwZDnDzNFt8qGWCxo4bNSThT00JnWEN/6f1BWNOt9YDrxqEyNclqhLL+RDqFsPBFIrQlsoXzqpWqCL8oS9UMNxbGATK2v3d5ueE9+SswBAFBhirCuqZw19Ri2W loginUrlPost: https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml loginUrlRedirect: https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml logoutUrl: https://dev-206445.oktapreview.com/login/signout nameId: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST authnContext: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport includeAuthnContext: true mappingAttribute: email jitConfiguration: enabled: true sourceId: 2c9180897427f3a501745042afc83144 sourceAttributeMappings: firstName: okta.firstName lastName: okta.lastName email: okta.email certificateExpirationDate: Thu May 26 21:31:59 GMT 2033 certificateName: EMAILADDRESS=info@okta.com, CN=dev-206445, OU=SSOProvider, O=Okta, L=San Francisco, ST=California, C=US - role: SAML_SP entityId: https://acme.identitysoon.com/sp alias: acme-sp callbackUrl: https://acme.test-login.sailpoint.com/saml/SSO/alias/acme-sp legacyAcsUrl: https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp SessionConfiguration: type: object title: Session Configuration properties: maxIdleTime: type: integer format: int32 description: The maximum time in minutes a session can be idle. example: 15 rememberMe: type: boolean description: Denotes if 'remember me' is enabled. default: false example: true maxSessionTime: type: integer format: int32 description: The maximum allowable session time in minutes. example: 45 AuthUser: type: object title: Auth User properties: tenant: type: string description: Tenant name. example: test-tenant id: type: string description: Identity ID. example: 2c91808458ae7a4f0158b1bbf8af0628 uid: type: string description: Identity's unique identitifier. example: will.smith profile: type: string description: ID of the auth profile associated with the auth user. example: 2c91808458ae7a4f0158b1bbf8af0756 identificationNumber: type: string description: Auth user's employee number. example: 19-5588452 nullable: true email: type: string description: Auth user's email. example: william.smith@example.com nullable: true phone: type: string description: Auth user's phone number. example: '5555555555' nullable: true workPhone: type: string description: Auth user's work phone number. example: '5555555555' nullable: true personalEmail: type: string description: Auth user's personal email. example: william.smith@example.com nullable: true firstname: type: string description: Auth user's first name. example: Will nullable: true lastname: type: string description: Auth user's last name. example: Smith nullable: true displayName: type: string description: Auth user's name in displayed format. example: Will Smith alias: type: string description: Auth user's alias. example: will.smith lastPasswordChangeDate: type: string format: date-time description: Date of last password change. example: '2021-03-08T22:37:33.901Z' nullable: true lastLoginTimestamp: description: Timestamp of the last login (long type value). type: integer format: int64 example: 1656327185832 currentLoginTimestamp: description: Timestamp of the current login (long type value). type: integer format: int64 example: 1656327185832 lastUnlockTimestamp: type: string format: date-time description: The date and time when the user was last unlocked. example: '2021-03-08T22:37:33.901Z' nullable: true capabilities: description: Array of the auth user's capabilities. type: array nullable: true items: type: string enum: - CERT_ADMIN - CLOUD_GOV_ADMIN - CLOUD_GOV_USER - HELPDESK - ORG_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SAAS_MANAGEMENT_ADMIN - SAAS_MANAGEMENT_READER - SOURCE_ADMIN - SOURCE_SUBADMIN - das:ui-administrator - das:ui-compliance_manager - das:ui-auditor - das:ui-data-scope - sp:aic-dashboard-read - sp:aic-dashboard-write - sp:ui-config-hub-admin - sp:ui-config-hub-backup-admin - sp:ui-config-hub-read example: ORG_ADMIN CampaignAlert: type: object title: Campaign Alert properties: level: type: string enum: - ERROR - WARN - INFO description: Denotes the level of the message example: ERROR localizations: type: array items: $ref: '#/components/schemas/ErrorMessageDto' SlimCampaign: type: object title: Slim Campaign required: - name - description - type properties: id: type: string readOnly: true description: Id of the campaign example: 2c9079b270a266a60170a2779fcb0007 name: description: | The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. type: string example: Manager Campaign description: type: string nullable: true description: | The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. example: Everyone needs to be reviewed by their manager deadline: type: string format: date-time description: The campaign's completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response. example: '2020-03-15T10:00:01.456Z' type: type: string description: The type of campaign. Could be extended in the future. enum: - MANAGER - SOURCE_OWNER - SEARCH - ROLE_COMPOSITION - MACHINE_ACCOUNT example: MANAGER emailNotificationEnabled: type: boolean description: Enables email notification for this campaign default: false example: false autoRevokeAllowed: type: boolean description: Allows auto revoke for this campaign default: false example: false recommendationsEnabled: type: boolean description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. default: false example: true status: type: string description: The campaign's current status. readOnly: true enum: - PENDING - STAGED - CANCELING - ACTIVATING - ACTIVE - COMPLETING - COMPLETED - ERROR - ARCHIVED example: ACTIVE correlatedStatus: type: string description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). enum: - CORRELATED - UNCORRELATED example: CORRELATED created: type: string readOnly: true format: date-time description: Created time of the campaign example: '2020-03-03T22:15:13.611Z' totalCertifications: type: integer format: int32 description: The total number of certifications in this campaign. readOnly: true example: 100 completedCertifications: type: integer format: int32 description: The number of completed certifications in this campaign. readOnly: true example: 10 alerts: type: array description: A list of errors and warnings that have accumulated. readOnly: true items: $ref: '#/components/schemas/CampaignAlert' AccessConstraint: type: object title: Access Constraint properties: type: type: string enum: - ENTITLEMENT - ACCESS_PROFILE - ROLE description: Type of Access example: ENTITLEMENT ids: description: Must be set only if operator is SELECTED. type: array items: type: string example: - 2c90ad2a70ace7d50170acf22ca90010 operator: type: string enum: - ALL - SELECTED description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. example: SELECTED required: - type - operator Campaign-2: type: object title: Campaign allOf: - $ref: '#/components/schemas/SlimCampaign' - type: object properties: modified: type: string readOnly: true format: date-time description: Modified time of the campaign example: '2020-03-03T22:20:12.674Z' filter: type: object description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. properties: id: type: string description: The ID of whatever type of filter is being used. example: 0fbe863c063c4c88a35fd7f17e8a3df5 type: type: string description: Type of the filter enum: - CAMPAIGN_FILTER example: CAMPAIGN_FILTER name: type: string description: Name of the filter example: Test Filter sunsetCommentsRequired: type: boolean description: Determines if comments on sunset date changes are required. default: true example: true sourceOwnerCampaignInfo: type: object description: Must be set only if the campaign type is SOURCE_OWNER. properties: sourceIds: type: array description: The list of sources to be included in the campaign. items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 searchCampaignInfo: type: object description: Must be set only if the campaign type is SEARCH. properties: type: type: string description: The type of search campaign represented. enum: - IDENTITY - ACCESS example: ACCESS description: type: string description: Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available. example: Search Campaign description reviewer: type: object description: If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP. properties: type: type: string description: The reviewer's DTO type. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: The reviewer's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: The reviewer's name. example: William Wilson query: type: string description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. example: Search Campaign query description identityIds: type: array description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 accessConstraints: type: array description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. items: $ref: '#/components/schemas/AccessConstraint' maxItems: 1000 required: - type roleCompositionCampaignInfo: type: object description: Optional configuration options for role composition campaigns. properties: reviewer: type: object description: If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP. properties: type: type: string description: The reviewer's DTO type. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: The reviewer's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: The reviewer's name. example: William Wilson roleIds: type: array description: Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included. items: type: string example: - 2c90ad2a70ace7d50170acf22ca90010 remediatorRef: type: object description: This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin. properties: type: type: string enum: - IDENTITY description: Legal Remediator Type example: IDENTITY id: type: string description: The ID of the remediator. example: 2c90ad2a70ace7d50170acf22ca90010 name: type: string description: The name of the remediator. readOnly: true example: Role Admin required: - type - id query: type: string description: Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included. example: Search Query description: type: string description: Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available. example: Role Composition Description required: - remediatorRef machineAccountCampaignInfo: type: object description: Must be set only if the campaign type is MACHINE_ACCOUNT. properties: sourceIds: type: array description: The list of sources to be included in the campaign. items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 reviewerType: type: string description: The reviewer's type. enum: - ACCOUNT_OWNER example: ACCOUNT_OWNER sourcesWithOrphanEntitlements: type: array description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). readOnly: true items: type: object properties: id: type: string description: Id of the source example: 2c90ad2a70ace7d50170acf22ca90010 type: type: string enum: - SOURCE description: Type example: SOURCE name: type: string description: Name of the source example: Source with orphan entitlements mandatoryCommentRequirement: type: string description: Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions. enum: - ALL_DECISIONS - REVOKE_ONLY_DECISIONS - NO_DECISIONS example: NO_DECISIONS AdminReviewReassign: type: object title: Admin Review Reassign properties: certificationIds: description: List of certification IDs to reassign type: array items: type: string minItems: 1 maxItems: 250 example: - af3859464779471211bb8424a563abc1 - af3859464779471211bb8424a563abc2 - af3859464779471211bb8424a563abc3 reassignTo: type: object properties: id: type: string description: The identity ID to which the review is being assigned. example: ef38f94347e94562b5bb8424a56397d8 type: type: string description: The type of the ID provided. enum: - IDENTITY example: IDENTITY reason: type: string description: Comment to explain why the certification was reassigned example: reassigned for some reason ReassignmentTrailDTO: type: object title: Reassignment Trail DTO properties: previousOwner: type: string description: The ID of previous owner identity. example: ef38f94347e94562b5bb8424a56397d8 newOwner: type: string description: The ID of new owner identity. example: ef38f94347e94562b5bb8424a56397a3 reassignmentType: type: string description: The type of reassignment. example: AUTOMATIC_REASSIGNMENT ReassignmentTrailDTOList: type: array items: $ref: '#/components/schemas/ReassignmentTrailDTO' description: Reassignment trails that lead to self certification identity example: previousOwner: ef38f94347e94562b5bb8424a56397d8 newOwner: ef38f94347e94562b5bb8424a56397a3 reassignmentType: AUTOMATIC_REASSIGNMENT CertificationTask: type: object title: Certification Task properties: id: type: string description: The ID of the certification task. example: 2c918086719eec070171a7e3355a360a type: type: string description: The type of the certification task. More values may be added in the future. enum: - REASSIGN - ADMIN_REASSIGN - COMPLETE_CERTIFICATION - FINISH_CERTIFICATION - COMPLETE_CAMPAIGN - ACTIVATE_CAMPAIGN - CAMPAIGN_CREATE - CAMPAIGN_DELETE example: ADMIN_REASSIGN targetType: type: string description: The type of item that is being operated on by this task whose ID is stored in the targetId field. enum: - CERTIFICATION - CAMPAIGN example: CAMPAIGN targetId: type: string description: The ID of the item being operated on by this task. example: 2c918086719eec070171a7e3355a834c status: type: string description: The status of the task. enum: - QUEUED - IN_PROGRESS - SUCCESS - ERROR example: QUEUED errors: $ref: '#/components/schemas/ErrorMessageDtoList' description: A list of errors that have been encountered by the task. reassignmentTrailDTOs: $ref: '#/components/schemas/ReassignmentTrailDTOList' description: Reassignment trails that lead to self certification identity created: type: string description: The date and time on which this task was created. format: date-time example: '2020-09-24T18:10:47.693Z' ActivateCampaignOptions: type: object title: Activate Campaign Options properties: timeZone: type: string description: The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as 'Z') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh. default: Z example: '-05:00' CampaignCompleteOptions: type: object title: Campaign Complete Options properties: autoCompleteAction: description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion. type: string enum: - APPROVE - REVOKE default: APPROVE example: REVOKE CampaignsDeleteRequest: type: object title: Campaigns Delete Request properties: ids: description: The ids of the campaigns to delete type: array items: type: string example: - 2c9180887335cee10173490db1776c26 - 2c9180836a712436016a7125a90c0021 SodReportResultDto: type: object title: Sod Report Result Dto description: SOD policy violation report result. properties: type: type: string description: SOD policy violation report result DTO type. enum: - REPORT_RESULT example: REPORT_RESULT id: type: string description: SOD policy violation report result ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable name of the SOD policy violation report result. example: SOD Policy 1 Violation ReportResultReference: allOf: - $ref: '#/components/schemas/SodReportResultDto' - type: object properties: status: type: string description: Status of a SOD policy violation report. enum: - SUCCESS - WARNING - ERROR - TERMINATED - TEMP_ERROR - PENDING example: PENDING ReportType: type: string description: type of a Report enum: - CAMPAIGN_COMPOSITION_REPORT - CAMPAIGN_REMEDIATION_STATUS_REPORT - CAMPAIGN_STATUS_REPORT - CERTIFICATION_SIGNOFF_REPORT example: CAMPAIGN_COMPOSITION_REPORT CampaignReport: type: object title: Campaign Report required: - reportType allOf: - $ref: '#/components/schemas/ReportResultReference' - type: object properties: reportType: $ref: '#/components/schemas/ReportType' lastRunAt: type: string readOnly: true format: date-time description: The most recent date and time this report was run example: type: REPORT_RESULT id: 2c91808568c529c60168cca6f90c1313 name: Campaign Composition Report status: SUCCESS reportType: CAMPAIGN_COMPOSITION_REPORT lastRunAt: '2019-12-19T13:49:37.385Z' CampaignReportsConfig: type: object title: Campaign Reports Configuration properties: identityAttributeColumns: type: array nullable: true description: list of identity attribute columns items: type: string example: - firstname - lastname CriteriaType: type: string enum: - COMPOSITE - ROLE - IDENTITY - IDENTITY_ATTRIBUTE - ENTITLEMENT - ACCESS_PROFILE - SOURCE - ACCOUNT - AGGREGATED_ENTITLEMENT - INVALID_CERTIFIABLE_ENTITY - INVALID_CERTIFIABLE_BUNDLE description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship. example: IDENTITY_ATTRIBUTE Operation: type: string enum: - EQUALS - NOT_EQUALS - CONTAINS - STARTS_WITH - ENDS_WITH - AND - OR - null description: Operation on a specific criteria example: EQUALS nullable: true CampaignFilterDetails: type: object title: Campaign Filter Details description: Campaign Filter Details properties: id: type: string description: The unique ID of the campaign filter example: 5ec18cef39020d6fd7a60ad3970aba61 name: type: string description: Campaign filter name. example: Identity Attribute Campaign Filter description: type: string description: Campaign filter description. example: Campaign filter to certify data based on an identity attribute's specified property. owner: type: string description: Owner of the filter. This field automatically populates at creation time with the current user. example: SailPoint Support nullable: true mode: type: string description: Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria. enum: - INCLUSION - EXCLUSION example: INCLUSION criteriaList: type: array description: List of criteria. items: type: object properties: type: $ref: '#/components/schemas/CriteriaType' operation: $ref: '#/components/schemas/Operation' property: type: string description: Specified key from the type of criteria. example: displayName nullable: true value: type: string description: Value for the specified key from the type of criteria. example: Allie nullable: true negateResult: type: boolean description: If true, the filter will negate the result of the criteria. example: false default: false shortCircuit: type: boolean description: If true, the filter will short circuit the evaluation of the criteria. example: false default: false recordChildMatches: type: boolean description: If true, the filter will record child matches for the criteria. example: false default: false id: type: string description: The unique ID of the criteria. example: 5ec18cef39020d6fd7a60ad3970aba61 nullable: true suppressMatchedItems: type: boolean description: | If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created. Such items will not appear in the exclusion report. example: false default: false children: type: array description: List of child criteria. items: type: object required: - type - property - value example: - type: IDENTITY_ATTRIBUTE property: displayName value: support operation: CONTAINS negateResult: false shortCircuit: false recordChildMatches: false id: null suppressMatchedItems: false children: null isSystemFilter: type: boolean default: false description: If true, the filter is created by the system. If false, the filter is created by a user. example: false required: - id - name - owner - mode - isSystemFilter CampaignTemplate: type: object title: Campaign Template description: Campaign Template properties: id: type: string description: Id of the campaign template example: 2c9079b270a266a60170a277bb960008 name: type: string description: This template's name. Has no bearing on generated campaigns' names. example: Manager Campaign Template description: type: string description: This template's description. Has no bearing on generated campaigns' descriptions. example: Template for the annual manager campaign. created: type: string description: Creation date of Campaign Template readOnly: true format: date-time example: '2020-03-05T22:44:00.364Z' modified: type: string nullable: true description: Modification date of Campaign Template readOnly: true format: date-time example: '2020-03-05T22:52:09.969Z' scheduled: type: boolean readOnly: true description: Indicates if this campaign template has been scheduled. example: false default: false ownerRef: type: object readOnly: true description: The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user. properties: id: type: string description: Id of the owner example: 2c918086676d3e0601677611dbde220f type: type: string enum: - IDENTITY description: Type of the owner example: IDENTITY name: type: string description: Name of the owner example: Mister Manager email: type: string description: Email of the owner example: mr.manager@example.com deadlineDuration: type: string description: The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign's deadline would be 2020-01-15 (the current date plus 14 days). example: P2W campaign: $ref: '#/components/schemas/Campaign-2' required: - name - description - created - modified - campaign Schedule-2: type: object title: Schedule properties: type: type: string description: Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have 'hours' set, but not 'days'; a WEEKLY schedule can have both 'hours' and 'days' set. enum: - WEEKLY - MONTHLY - ANNUALLY - CALENDAR example: WEEKLY months: type: object nullable: true description: | Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples: On February and March: * type LIST * values "2", "3" Every 3 months, starting in January (quarterly): * type LIST * values "1" * interval 3 Every two months between July and December: * type RANGE * values "7", "12" * interval 2 properties: type: type: string description: Enum type to specify months value enum: - LIST - RANGE example: LIST values: type: array description: Values of the months based on the enum type mentioned above items: type: string example: - '1' interval: type: integer example: 2 format: int64 description: Interval between the cert generations required: - type - values days: type: object description: | Specifies which day(s) a schedule is active for. This is required for all schedule types. The "values" field holds different data depending on the type of schedule: * WEEKLY: days of the week (1-7) * MONTHLY: days of the month (1-31, L, L-1...) * ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31") * CALENDAR: ISO-8601 dates ("2020-12-31") Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided with ISO-8601 dates without year. Examples: On Sundays: * type LIST * values "1" The second to last day of the month: * type LIST * values "L-1" From the 20th to the last day of the month: * type RANGE * values "20", "L" Every March 2nd: * type LIST * values "--03-02" On March 2nd, 2021: * type: LIST * values "2021-03-02" properties: type: type: string description: Enum type to specify days value enum: - LIST - RANGE example: LIST values: type: array description: Values of the days based on the enum type mentioned above items: type: string example: - '1' interval: type: integer example: 2 format: int64 description: Interval between the cert generations nullable: true required: - type - values hours: type: object description: | Specifies which hour(s) a schedule is active for. Examples: Every three hours starting from 8AM, inclusive: * type LIST * values "8" * interval 3 During business hours: * type RANGE * values "9", "5" At 5AM, noon, and 5PM: * type LIST * values "5", "12", "17" properties: type: type: string description: Enum type to specify hours value enum: - LIST - RANGE example: LIST values: type: array description: Values of the days based on the enum type mentioned above items: type: string example: - '1' interval: type: integer format: int64 example: 2 description: Interval between the cert generations nullable: true required: - type - values expiration: type: string format: date-time description: Specifies the time after which this schedule will no longer occur. example: '2022-09-19 13:55:26' nullable: true timeZoneId: type: string description: The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST. example: CST required: - type - hours CampaignReference: type: object title: Campaign Reference required: - id - name - type - campaignType - description - correlatedStatus - mandatoryCommentRequirement properties: id: type: string description: The unique ID of the campaign. example: ef38f94347e94562b5bb8424a56397d8 name: type: string description: The name of the campaign. example: Campaign Name type: type: string enum: - CAMPAIGN description: The type of object that is being referenced. example: CAMPAIGN campaignType: type: string enum: - MANAGER - SOURCE_OWNER - SEARCH description: The type of the campaign. example: MANAGER description: type: string description: The description of the campaign set by the admin who created it. nullable: true example: A description of the campaign correlatedStatus: type: string description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). enum: - CORRELATED - UNCORRELATED example: CORRELATED mandatoryCommentRequirement: type: string description: Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions. enum: - ALL_DECISIONS - REVOKE_ONLY_DECISIONS - NO_DECISIONS example: NO_DECISIONS CertificationPhase: type: string description: | The current phase of the campaign. * `STAGED`: The campaign is waiting to be activated. * `ACTIVE`: The campaign is active. * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. enum: - STAGED - ACTIVE - SIGNED example: ACTIVE IdentityCertificationDto: type: object title: Identity Certification Dto properties: id: example: 2c9180835d2e5168015d32f890ca1581 type: string description: id of the certification name: example: Source Owner Access Review for Employees [source] type: string description: name of the certification campaign: $ref: '#/components/schemas/CampaignReference' completed: type: boolean description: Have all decisions been made? example: true identitiesCompleted: type: integer description: The number of identities for whom all decisions have been made and are complete. example: 5 format: int32 identitiesTotal: type: integer description: The total number of identities in the Certification, both complete and incomplete. example: 10 format: int32 created: example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: created date modified: example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: modified date decisionsMade: type: integer description: The number of approve/revoke/acknowledge decisions that have been made. example: 20 format: int32 decisionsTotal: type: integer description: The total number of approve/revoke/acknowledge decisions. example: 40 format: int32 due: type: string format: date-time description: The due date of the certification. example: '2018-10-19T13:49:37.385Z' nullable: true signed: type: string format: date-time nullable: true description: The date the reviewer signed off on the Certification. example: '2018-10-19T13:49:37.385Z' reviewer: $ref: '#/components/schemas/Reviewer' reassignment: $ref: '#/components/schemas/Reassignment' hasErrors: description: Identifies if the certification has an error type: boolean example: false errorMessage: description: Description of the certification error nullable: true type: string example: The certification has an error phase: $ref: '#/components/schemas/CertificationPhase' DataAccess: type: object title: Data Access description: DAS data for the entitlement nullable: true properties: policies: type: array description: List of classification policies that apply to resources the entitlement \ groups has access to items: type: object properties: value: type: string description: Value of the policy example: GDPR-20 categories: type: array description: List of classification categories that apply to resources the entitlement \ groups has access to items: type: object properties: value: type: string description: Value of the category example: email-7 matchCount: type: integer description: Number of matched for each category example: 10 impactScore: type: object properties: value: type: string description: Impact Score for this data example: Medium ActivityInsights: type: object title: Activity Insights description: Insights into account activity properties: accountID: type: string description: UUID of the account example: c4ddd5421d8549f0abd309162cafd3b1 usageDays: type: integer format: int32 minimum: 0 maximum: 90 description: The number of days of activity example: 45 usageDaysState: type: string enum: - COMPLETE - UNKNOWN description: Status indicating if the activity is complete or unknown example: COMPLETE ReviewableEntitlement: type: object nullable: true properties: id: type: string description: The id for the entitlement example: 2c918085718230600171993742c63558 name: type: string description: The name of the entitlement example: CN=entitlement.bbb7c650 description: nullable: true type: string description: Information about the entitlement example: Gives read/write access to the company database privileged: type: boolean example: false default: false description: Indicates if the entitlement is a privileged entitlement owner: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' attributeName: type: string description: The name of the attribute on the source example: memberOf attributeValue: type: string description: The value of the attribute on the source example: CN=entitlement.bbb7c650 sourceSchemaObjectType: type: string description: The schema object type on the source used to represent the entitlement and its attributes example: groups sourceName: type: string description: The name of the source for which this entitlement belongs example: ODS-AD-Source sourceType: type: string description: The type of the source for which the entitlement belongs example: Active Directory - Direct sourceId: type: string description: The ID of the source for which the entitlement belongs example: 78ca6be511cb41fbb86dba2fcca7780c hasPermissions: type: boolean default: false description: Indicates if the entitlement has permissions example: false isPermission: type: boolean default: false description: Indicates if the entitlement is a representation of an account permission example: false revocable: type: boolean default: false description: Indicates whether the entitlement can be revoked example: true cloudGoverned: type: boolean default: false description: True if the entitlement is cloud governed example: false containsDataAccess: type: boolean description: True if the entitlement has DAS data default: false example: true dataAccess: $ref: '#/components/schemas/DataAccess' account: type: object nullable: true description: Information about the status of the entitlement properties: nativeIdentity: type: string description: The native identity for this account example: CN=Alison Ferguso disabled: type: boolean default: false example: false description: Indicates whether this account is currently disabled locked: type: boolean default: false example: false description: Indicates whether this account is currently locked type: $ref: '#/components/schemas/DtoType' id: nullable: true type: string description: The id associated with the account example: 2c9180857182305e0171993737eb29e6 name: nullable: true type: string description: The account name example: Alison Ferguso created: nullable: true type: string format: date-time description: When the account was created example: '2020-04-20T20:11:05.067Z' modified: nullable: true type: string format: date-time description: When the account was last modified example: '2020-05-20T18:57:16.987Z' activityInsights: $ref: '#/components/schemas/ActivityInsights' description: nullable: true type: string description: Information about the account example: Account for Read/write to the company database governanceGroupId: nullable: true type: string description: The id associated with the machine Account Governance Group example: 2c9180857182305e0171993737eb29e6 owner: type: object nullable: true description: Information about the machine account owner properties: id: nullable: true type: string description: The id associated with the machine account owner example: 2c9180857182305e0171993737eb29e8 type: type: string enum: - IDENTITY description: An enumeration of the types of Owner supported within the IdentityNow infrastructure. example: IDENTITY displayName: nullable: true type: string description: The machine account owner's display name example: Alison Ferguson ReviewableAccessProfile: type: object properties: id: type: string description: The id of the Access Profile example: 2c91808a7190d06e01719938fcd20792 name: type: string description: Name of the Access Profile example: Employee-database-read-write description: type: string description: Information about the Access Profile example: Collection of entitlements to read/write the employee database privileged: type: boolean description: Indicates if the entitlement is a privileged entitlement example: false cloudGoverned: type: boolean description: True if the entitlement is cloud governed example: false endDate: nullable: true type: string format: date-time description: The date at which a user's access expires example: '2021-12-25T00:00:00.000Z' owner: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' description: Owner of the Access Profile entitlements: type: array description: A list of entitlements associated with this Access Profile items: $ref: '#/components/schemas/ReviewableEntitlement' created: type: string description: Date the Access Profile was created. format: date-time example: '2021-01-01T22:32:58.104Z' modified: type: string description: Date the Access Profile was last modified. format: date-time example: '2021-02-01T22:32:58.104Z' ReviewableRole: type: object nullable: true properties: id: type: string description: The id for the Role example: 2c91808a7190d06e0171993907fd0794 name: type: string description: The name of the Role example: Accounting-Employees description: type: string description: Information about the Role example: Role for members of the accounting department with the necessary Access Profiles privileged: type: boolean description: Indicates if the entitlement is a privileged entitlement example: false owner: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' revocable: type: boolean description: Indicates whether the Role can be revoked or requested example: false endDate: type: string format: date-time description: The date when a user's access expires. example: '2021-12-25T00:00:00.000Z' accessProfiles: type: array description: The list of Access Profiles associated with this Role items: $ref: '#/components/schemas/ReviewableAccessProfile' entitlements: type: array description: The list of entitlements associated with this Role items: $ref: '#/components/schemas/ReviewableEntitlement' AccessSummary: type: object title: Access Summary description: An object holding the access that is being reviewed properties: access: type: object properties: type: description: The type of item being certified $ref: '#/components/schemas/DtoType' id: type: string description: The ID of the item being certified example: 2c9180867160846801719932c5153fb7 name: type: string description: The name of the item being certified example: Entitlement for Company Database entitlement: $ref: '#/components/schemas/ReviewableEntitlement' accessProfile: $ref: '#/components/schemas/ReviewableAccessProfile' role: $ref: '#/components/schemas/ReviewableRole' CertificationIdentitySummary: type: object title: Certification Identity Summary properties: id: type: string description: The ID of the identity summary example: 2c91808772a504f50172a9540e501ba7 name: type: string description: Name of the linked identity example: Alison Ferguso identityId: type: string description: The ID of the identity being certified example: 2c9180857182306001719937377a33de completed: type: boolean description: Indicates whether the review items for the linked identity's certification have been completed example: true CertificationDecision: type: string description: The decision to approve or revoke the review item enum: - APPROVE - REVOKE example: APPROVE AccessReviewItem: type: object title: Access Review Item properties: accessSummary: $ref: '#/components/schemas/AccessSummary' identitySummary: $ref: '#/components/schemas/CertificationIdentitySummary' id: type: string description: The review item's id example: ef38f94347e94562b5bb8424a56397d8 completed: type: boolean description: Whether the review item is complete example: false newAccess: type: boolean description: Indicates whether the review item is for new access to a source example: false decision: $ref: '#/components/schemas/CertificationDecision' comments: nullable: true type: string description: Comments for this review item example: This user still needs access to this source ReviewRecommendation: type: object title: Review Recommendation properties: recommendation: type: string description: The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made. example: null nullable: true reasons: type: array items: type: string description: A list of reasons for the recommendation. example: - Reason 1 - Reason 2 timestamp: type: string format: date-time description: The time at which the recommendation was recorded. example: '2020-06-01T13:49:37.385Z' ReviewDecision: type: object title: Review Decision properties: id: type: string description: The id of the review decision example: ef38f94347e94562b5bb8424a56397d8 decision: $ref: '#/components/schemas/CertificationDecision' proposedEndDate: type: string format: date-time example: '2017-07-11T18:45:37.098Z' description: The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions. bulk: type: boolean description: Indicates whether decision should be marked as part of a larger bulk decision example: true recommendation: nullable: true $ref: '#/components/schemas/ReviewRecommendation' comments: type: string description: Comments recorded when the decision was made example: This user no longer needs access to this source required: - id - decision - bulk ReassignReference: type: object title: Reassign Reference properties: id: type: string description: The ID of item or identity being reassigned. example: ef38f94347e94562b5bb8424a56397d8 type: type: string description: The type of item or identity being reassigned. enum: - TARGET_SUMMARY - ITEM - IDENTITY_SUMMARY example: ITEM required: - id - type ReviewReassign: type: object title: Review Reassign properties: reassign: type: array items: $ref: '#/components/schemas/ReassignReference' reassignTo: type: string description: The ID of the identity to which the certification is reassigned example: ef38f94347e94562b5bb8424a56397d8 reason: type: string description: The reason comment for why the reassign was made example: reassigned for some reason required: - reassign - reassignTo - reason IdentityCertDecisionSummary: type: object title: Identity Cert Decision Summary properties: entitlementDecisionsMade: type: integer description: Number of entitlement decisions that have been made example: 3 format: int32 accessProfileDecisionsMade: type: integer description: Number of access profile decisions that have been made example: 5 format: int32 roleDecisionsMade: type: integer description: Number of role decisions that have been made example: 2 format: int32 accountDecisionsMade: type: integer description: Number of account decisions that have been made example: 4 format: int32 entitlementDecisionsTotal: type: integer description: The total number of entitlement decisions on the certification, both complete and incomplete example: 6 format: int32 accessProfileDecisionsTotal: type: integer description: The total number of access profile decisions on the certification, both complete and incomplete example: 10 format: int32 roleDecisionsTotal: type: integer description: The total number of role decisions on the certification, both complete and incomplete example: 4 format: int32 accountDecisionsTotal: type: integer description: The total number of account decisions on the certification, both complete and incomplete example: 8 format: int32 entitlementsApproved: type: integer description: The number of entitlement decisions that have been made which were approved example: 2 format: int32 entitlementsRevoked: type: integer description: The number of entitlement decisions that have been made which were revoked example: 1 format: int32 accessProfilesApproved: type: integer description: The number of access profile decisions that have been made which were approved example: 3 format: int32 accessProfilesRevoked: type: integer description: The number of access profile decisions that have been made which were revoked example: 2 format: int32 rolesApproved: type: integer description: The number of role decisions that have been made which were approved example: 2 format: int32 rolesRevoked: type: integer description: The number of role decisions that have been made which were revoked example: 0 format: int32 accountsApproved: type: integer description: The number of account decisions that have been made which were approved example: 1 format: int32 accountsRevoked: type: integer description: The number of account decisions that have been made which were revoked example: 3 format: int32 ObjectMappingResponse: type: object title: Object Mapping Response properties: objectMappingId: type: string description: Id of the object mapping example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 objectType: type: string description: Type of the object the mapping value applies to example: IDENTITY enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - ENTITLEMENT - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW jsonPath: type: string description: JSONPath expression denoting the path within the object where the mapping value should be applied example: $.name sourceValue: type: string description: Original value at the jsonPath location within the object example: My Governance Group Name targetValue: type: string description: Value to be assigned at the jsonPath location within the object example: My New Governance Group Name enabled: type: boolean description: Whether or not this object mapping is enabled default: false example: false created: type: string description: Object mapping creation timestamp example: '2024-03-19T23:18:53.732Z' modified: type: string description: Object mapping latest update timestamp example: '2024-03-19T23:18:53.732Z' ObjectMappingRequest: type: object title: Object Mapping Request required: - objectType - jsonPath - sourceValue - targetValue properties: objectType: type: string description: Type of the object the mapping value applies to, must be one from enum example: IDENTITY enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - ENTITLEMENT - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW jsonPath: type: string description: JSONPath expression denoting the path within the object where the mapping value should be applied example: $.name sourceValue: type: string description: Original value at the jsonPath location within the object example: My Governance Group Name targetValue: type: string description: Value to be assigned at the jsonPath location within the object example: My New Governance Group Name enabled: type: boolean description: Whether or not this object mapping is enabled default: false example: false ObjectMappingBulkCreateRequest: type: object title: Bulk Create Object Mapping Request required: - newObjectsMappings properties: newObjectsMappings: type: array items: $ref: '#/components/schemas/ObjectMappingRequest' ObjectMappingBulkCreateResponse: type: object title: Bulk Create Object Mapping Response properties: addedObjects: type: array items: $ref: '#/components/schemas/ObjectMappingResponse' ObjectMappingBulkPatchRequest: type: object title: Bulk Update Object Mapping Request required: - patches properties: patches: description: Map of id of the object mapping to a JsonPatchOperation describing what to patch on that object mapping. type: object additionalProperties: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: 603b1a61-d03d-4ed1-864f-a508fbd1995d: - op: replace path: /enabled value: true 00bece34-f50d-4227-8878-76f620b5a971: - op: replace path: /targetValue value: New Target Value ObjectMappingBulkPatchResponse: type: object title: Bulk Update Object Mapping Response properties: patchedObjects: type: array items: $ref: '#/components/schemas/ObjectMappingResponse' ObjectExportImportNames: type: object properties: includedNames: description: Object names to be included in a backup. type: array items: type: string example: Test Object name BackupOptions: type: object nullable: true description: Backup options control what will be included in the backup. properties: includeTypes: type: array description: Object type names to be included in a Configuration Hub backup command. items: type: string enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW example: TRIGGER_SUBSCRIPTION objectOptions: description: Additional options targeting specific objects related to each item in the includeTypes field. type: object additionalProperties: $ref: '#/components/schemas/ObjectExportImportNames' example: TRIGGER_SUBSCRIPTION: includedNames: - Trigger Subscription name BackupResponse: type: object properties: jobId: type: string description: Unique id assigned to this backup. example: 3469b87d-48ca-439a-868f-2160001da8c1 status: type: string description: Status of the backup. enum: - NOT_STARTED - IN_PROGRESS - COMPLETE - CANCELLED - FAILED example: COMPLETE type: type: string description: Type of the job, will always be BACKUP for this type of job. enum: - BACKUP example: BACKUP tenant: type: string description: The name of the tenant performing the upload example: tenant-name requesterName: type: string description: The name of the requester. example: Requester Name fileExists: type: boolean default: true description: Whether or not a file was created and stored for this backup. example: true created: type: string format: date-time description: The time the job was started. example: '2021-05-11T22:23:16Z' modified: type: string format: date-time description: The time of the last update to the job. example: '2021-05-11T22:23:16Z' completed: type: string format: date-time description: The time the job was completed. example: '2021-05-11T22:23:16Z' name: type: string description: The name assigned to the upload file in the request body. example: Backup Name userCanDelete: type: boolean default: true description: Whether this backup can be deleted by a regular user. example: false isPartial: type: boolean default: false description: Whether this backup contains all supported object types or only some of them. example: false backupType: type: string description: |- Denotes how this backup was created. - MANUAL - The backup was created by a user. - AUTOMATED - The backup was created by devops. - AUTOMATED_DRAFT - The backup was created during a draft process. - UPLOADED - The backup was created by uploading an existing configuration file. enum: - UPLOADED - AUTOMATED - MANUAL example: MANUAL options: $ref: '#/components/schemas/BackupOptions' hydrationStatus: type: string description: Whether the object details of this backup are ready. enum: - HYDRATED - NOT_HYDRATED example: NOT_HYDRATED totalObjectCount: type: integer format: int64 description: Number of objects contained in this backup. example: 10 cloudStorageStatus: type: string description: Whether this backup has been transferred to a customer storage location. enum: - SYNCED - NOT_SYNCED - SYNC_FAILED example: SYNCED ConnectorDetail: type: object title: Connector Detail properties: name: type: string description: The connector name example: name type: type: string description: The connector type example: ServiceNow className: type: string description: The connector class name example: class name scriptName: type: string description: The connector script name example: servicenow applicationXml: type: string description: The connector application xml example: | correlationConfigXml: type: string description: The connector correlation config xml example: "\n\n\n\n\n\n\t\n\t\t\n\t\t\n\t\t\n\t\n\n" sourceConfigXml: type: string description: The connector source config xml example: |-
sourceConfig: type: string description: The connector source config example: |-
sourceConfigFrom: type: string description: The connector source config origin example: sp-connect s3Location: type: string description: storage path key for this connector example: custom-connector/scriptname uploadedFiles: type: array description: The list of uploaded files supported by the connector. If there was any executable files uploaded to thee connector. Typically this be empty as the executable be uploaded at source creation. nullable: true items: type: string example: - pod/org/connectorFiles/testconnector/test1.jar fileUpload: type: boolean description: true if the source is file upload example: true default: false directConnect: type: boolean description: true if the source is a direct connect source example: true default: false translationProperties: type: object description: A map containing translation attributes by loacale key additionalProperties: true example: de: |- # Copyright (C) 2024 SailPoint Technologies, Inc. All rights reserved. # DO NOT EDIT. This file is generated by "sailpointTranslate" command. menuLabel_ConnectionSettings=Verbindungseinstellungen menuLabel_AggregationSettings=Aggregationseinstellungen sectionLabel_AuthenticationSettings=Verbindungseinstellungen sectionLabel_AggregationSettings=Aggregationseinstellungen sectionInfo_AuthenticationSettings=Konfigurieren Sie eine direkte Verbindung zwischen der Quelle Delinea Secret Server On-Premise und IdentityNow.

Geben Sie bei Zeit\u00fcberschreitung bei Verbindung die maximal erlaubte Zeitdauer (in Minuten) f\u00fcr die Verbindung von IdentityNow mit der Quelle ein.

Geben Sie die Host-URL der Delinea-SCIM-Serverquelle ein.

Geben Sie den API-Token der Quelle zur Authentifizierung ein. sectionInfo_AggregationSettings=Geben Sie die Einstellungen f\u00fcr Ihre Aggregation an.

Geben Sie in das Feld Seitengr\u00f6\u00dfe die Anzahl an Kontoeintr\u00e4gen ein, die auf einer einzelnen Seite aggregiert werden sollen, wenn gro\u00dfe Datens\u00e4tze durchlaufen werden.
\n
Geben Sie im Kontofilter die Bedingungen f\u00fcr den Kontofilter an. Beispiel: userName sw "S"

Geben Sie im Gruppenfilter die Gruppenfilterbedingungen an. Beispiel: displayName sw "S". placeHolder_accAggregation=userName sw "S" placeHolder_grpAggregation=displayName sw "S" placeHolder_host=https://{Delinea_SCIM_Server_host}/v2 docLinkLabel_AuthenticationSettings=Mehr \u00fcber Verbindungseinstellungen docLinkLabel_Filters=Mehr \u00fcber Konto- und Gruppenfilter HostURL=Host-URL ConnectionTimeout=Zeit\u00fcberschreitung bei Verbindung API_TOKEN=API-Token JSONPathMapping=JSON-Path-Attribut-Mapping FilterConditionForAccounts=Kontofilter FilterConditionForGroups=Gruppenfilter Page_Size=Seitengr\u00f6\u00dfe SchemaAttribute=Schema-Attribut JSONpath=JSON-Pfad ShortDesc=Das Integrationsmodul IdentityNow f\u00fcr Delinea Secret Server On-Premise bietet die M\u00f6glichkeit einer tiefen Governance f\u00fcr Konten und Gruppen. Es unterst\u00fctzt au\u00dferdem das End-to-End-Lebenszyklus-Management. connectorMetadata: type: object description: A map containing metadata pertinent to the UI to be used additionalProperties: true example: supportedUI: EXTJS platform: ccg shortDesc: connector description status: type: string enum: - DEPRECATED - DEVELOPMENT - DEMO - RELEASED description: The connector status example: RELEASED V3ConnectorDto: title: custom connector response object type: object properties: name: type: string description: The connector name example: name type: type: string description: The connector type example: ServiceNow scriptName: type: string description: The connector script name example: servicenow className: type: string nullable: true description: The connector class name. example: sailpoint.connector.OpenConnectorAdapter features: type: array description: The list of features supported by the connector nullable: true items: type: string example: - PROVISIONING - SYNC_PROVISIONING - SEARCH - UNSTRUCTURED_TARGETS directConnect: type: boolean description: true if the source is a direct connect source example: true default: false connectorMetadata: type: object additionalProperties: true description: A map containing metadata pertinent to the connector example: supportedUI: ANGULAR platform: ccg shortDesc: connector description status: type: string enum: - DEPRECATED - DEVELOPMENT - DEMO - RELEASED description: The connector status example: RELEASED V3CreateConnectorDto: title: custom connector create request type: object required: - name - className properties: name: type: string description: The connector name. Need to be unique per tenant. The name will able be used to derive a url friendly unique scriptname that will be in response. Script name can then be used for all update endpoints example: custom connector type: type: string description: The connector type. If not specified will be defaulted to 'custom '+name example: custom connector type className: type: string description: The connector class name. If you are implementing openconnector standard (what is recommended), then this need to be set to sailpoint.connector.OpenConnectorAdapter example: sailpoint.connector.OpenConnectorAdapter directConnect: type: boolean description: true if the source is a direct connect source default: true example: true status: type: string enum: - DEVELOPMENT - DEMO - RELEASED description: The connector status example: RELEASED UpdateDetail: type: object title: Update Detail properties: message: type: string description: The detailed message for an update. Typically the relevent error message when status is error. example: unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config scriptName: type: string description: The connector script name example: servicenow updatedFiles: type: array description: The list of updated files supported by the connector nullable: true items: type: string example: - pod/org/connectorFiles/testconnector/test1.jar status: type: string enum: - ERROR - UPDATED - UNCHANGED - SKIPPED description: The connector update status example: ERROR EmailNotificationOption: type: object title: Email Notification Option description: This is used for representing email configuration for a lifecycle state properties: notifyManagers: type: boolean default: false example: true description: If true, then the manager is notified of the lifecycle state change. notifyAllAdmins: type: boolean default: false example: true description: If true, then all the admins are notified of the lifecycle state change. notifySpecificUsers: type: boolean default: false example: true description: If true, then the users specified in "emailAddressList" below are notified of lifecycle state change. emailAddressList: type: array example: - test@test.com - test2@test.com items: type: string description: List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change. AccountAction: type: object title: Account Action description: Object for specifying Actions to be performed on a specified list of sources' account. properties: action: example: ENABLE type: string description: Describes if action will be enable, disable or delete. enum: - ENABLE - DISABLE - DELETE sourceIds: type: array items: type: string uniqueItems: true example: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. LifecycleState: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object required: - technicalName properties: enabled: type: boolean default: false example: true description: Indicates whether the lifecycle state is enabled or disabled. technicalName: type: string example: Technical Name description: The lifecycle state's technical name. This is for internal use. description: type: string example: Lifecycle description description: Lifecycle state's description. identityCount: type: integer format: int32 example: 42 readOnly: true description: Number of identities that have the lifecycle state. emailNotificationOption: $ref: '#/components/schemas/EmailNotificationOption' accountActions: type: array items: $ref: '#/components/schemas/AccountAction' accessProfileIds: type: array items: type: string uniqueItems: true example: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 description: List of unique access-profile IDs that are associated with the lifecycle state. identityState: type: string nullable: true example: null description: The lifecycle state's associated identity state. This field is generally 'null'. LifecyclestateDeleted: type: object title: Lifecyclestate Deleted description: Deleted lifecycle state. properties: type: type: string description: Deleted lifecycle state's DTO type. enum: - LIFECYCLE_STATE - TASK_RESULT example: LIFECYCLE_STATE id: type: string description: Deleted lifecycle state ID. example: 12345 name: type: string description: Deleted lifecycle state's display name. example: Contractor Lifecycle TransformDefinition: type: object title: Transform Definition properties: type: type: string description: Transform definition type. example: accountAttribute attributes: type: object additionalProperties: true description: Arbitrary key-value pairs to store any metadata for the object example: attributeName: e-mail sourceName: MySource sourceId: 2c9180877a826e68017a8c0b03da1a53 IdentityAttributeTransform: type: object title: Identity Attribute Transform description: Transform definition for an identity attribute. properties: identityAttributeName: type: string description: Identity attribute's name. example: email transformDefinition: $ref: '#/components/schemas/TransformDefinition' description: Seaspray transform definition. IdentityAttributeConfig: type: object title: Identity Attribute Config description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. properties: enabled: description: Backend will only promote values if the profile/mapping is enabled. type: boolean default: false example: true attributeTransforms: type: array items: $ref: '#/components/schemas/IdentityAttributeTransform' IdentityExceptionReportReference: type: object title: Identity Exception Report Reference nullable: true properties: taskResultId: type: string format: uuid description: Task result ID. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 reportName: type: string example: My annual report description: Report name. IdentityProfileBulkDelete: description: List of Identity Profile IDs to delete. type: array items: type: string example: - 2c9180867b2a34e0017b3078d60b0699 - 2c9180867b2a34e0017b3078d60b0698 TaskResultSimplified: type: object title: Task Result Simplified properties: id: type: string description: Task identifier example: ff8081814d977c21014da056804a0af3 name: type: string description: Task name example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d description: type: string description: Task description example: Generic task for terminating data in the overlay, used by the TerminationService. launcher: type: string description: User or process who launched the task example: support completed: type: string format: date-time description: Date time of completion example: Mon Aug 21 14:57:39 CDT 2023 launched: type: string format: date-time description: Date time when the task was launched example: Mon Aug 21 14:55:39 CDT 2023 completionStatus: type: string enum: - Success - Warning - Error - Terminated - TempError description: Task result status example: Success IdentityProfileExportedObject: type: object title: Identity Profile Exported Object description: Identity profile exported object. properties: version: type: integer example: 1 description: Version or object from the target service. format: int32 self: type: object description: Self block for exported object. properties: type: type: string description: Exported object's DTO type. enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW example: SOURCE id: type: string description: Exported object's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Exported object's display name. example: HR Active Directory object: $ref: '#/components/schemas/IdentityProfile' SpConfigMessage: type: object title: Config Import/Export Message description: Message model for Config Import/Export. properties: key: type: string description: Message key. example: UNKNOWN_REFERENCE_RESOLVER text: type: string description: Message text. example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' details: type: object description: Message details if any, in key:value pairs. additionalProperties: true example: details: message details required: - key - text - details ImportObject: type: object title: Import Object description: Object created or updated by import. properties: type: type: string description: DTO type of object created or updated by import. enum: - CONNECTOR_RULE - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - RULE - SOURCE - TRANSFORM - TRIGGER_SUBSCRIPTION example: SOURCE id: type: string description: ID of object created or updated by import. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Display name of object created or updated by import. example: HR Active Directory ObjectImportResult: type: object title: Import Object Response Body description: Response model for import of a single object. properties: infos: description: Informational messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage' warnings: description: Warning messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage' errors: description: Error messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage' importedObjects: description: References to objects that were created or updated by the import. type: array items: $ref: '#/components/schemas/ImportObject' required: - infos - warnings - errors - importedObjects IdentityPreviewRequest: type: object title: Identity Preview Request properties: identityId: type: string format: uuid example: 2c9180857893f12901789445619b0366 description: The Identity id identityAttributeConfig: $ref: '#/components/schemas/IdentityAttributeConfig' IdentityAttributePreview: type: object title: Identity Attribute Preview properties: name: type: string description: Name of the attribute that is being previewed. example: email value: type: string description: Value that was derived during the preview. example: email@mail.com previousValue: type: string description: The value of the attribute before the preview. example: oldEmail@mail.com errorMessages: $ref: '#/components/schemas/ErrorMessageDtoList' description: A list of errors that may have been encountered. IdentityPreviewResponse: type: object title: Identity Preview Response properties: identity: type: object description: Identity's basic details. properties: type: type: string description: Identity's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Identity's display name. example: Michael Michaels previewAttributes: type: array items: $ref: '#/components/schemas/IdentityAttributePreview' ManagedClient: description: Managed Client type: object title: Managed Client required: - clientId - clusterId - description - type properties: id: description: ManagedClient ID readOnly: true nullable: true type: string example: 2c9180878eaf4204018eb019c3570003 alertKey: description: ManagedClient alert key readOnly: true nullable: true type: string example: CLIENT_STATUS_NOT_CONFIGURED apiGatewayBaseUrl: nullable: true type: string cookbook: nullable: true type: string ccId: description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!) nullable: true type: integer format: int64 example: 2248 clientId: description: The client ID used in API management type: string example: 00be54a2-bb6d-402f-9159-beb2d5319347 clusterId: description: Cluster ID that the ManagedClient is linked to type: string example: e1ff7bb24c934240bbf55e1aa39e41c5 description: description: ManagedClient description type: string default: '' example: A short description of the ManagedClient ipAddress: description: The public IP address of the ManagedClient readOnly: true nullable: true type: string example: 123.456.78.90 lastSeen: description: When the ManagedClient was last seen by the server readOnly: true nullable: true type: string format: date-time example: '2020-01-01T00:00:00.000000Z' name: description: ManagedClient name nullable: true type: string default: VA-$clientId example: aName sinceLastSeen: description: Milliseconds since the ManagedClient has polled the server readOnly: true nullable: true type: string example: 15000 status: description: Status of the ManagedClient readOnly: true nullable: true type: string enum: - NORMAL - UNDEFINED - NOT_CONFIGURED - CONFIGURING - WARNING - ERROR - FAILED - null example: NORMAL type: description: Type of the ManagedClient (VA, CCG) type: string example: VA clusterType: description: Cluster Type of the ManagedClient readOnly: true nullable: true type: string enum: - null - idn - iai - spConnectCluster - sqsCluster - das-rc - das-pc - das-dc example: idn vaDownloadUrl: description: ManagedClient VA download URL readOnly: true nullable: true type: string example: aUrl vaVersion: description: Version that the ManagedClient's VA is running readOnly: true nullable: true type: string example: va-megapod-useast1-610-1621372012 secret: description: Client's apiKey nullable: true type: string example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381 createdAt: description: The date/time this ManagedClient was created example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time updatedAt: description: The date/time this ManagedClient was last updated example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time provisionStatus: description: The provisioning status of the ManagedClient readOnly: true nullable: true type: string enum: - null - PROVISIONED - DRAFT example: PROVISIONED ManagedClientRequest: description: Managed Client Request type: object title: Managed Client Request required: - clusterId properties: clusterId: description: Cluster ID that the ManagedClient is linked to type: string example: aClusterId description: description: description for the ManagedClient to create type: string nullable: true example: A short description of the ManagedClient name: description: name for the ManagedClient to create type: string nullable: true example: aName type: description: Type of the ManagedClient (VA, CCG) to create type: string nullable: true example: VA ManagedClientType: description: Managed Client type type: string example: CCG nullable: true enum: - CCG - VA - INTERNAL - IIQ_HARVESTER - null ManagedClientStatusCode: type: string description: Status of a Managed Client enum: - NORMAL - UNDEFINED - NOT_CONFIGURED - CONFIGURING - WARNING - ERROR - FAILED example: NORMAL ManagedClientStatus: description: Managed Client Status type: object title: Managed Client Status required: - body - status - type - timestamp properties: body: description: ManagedClientStatus body information type: object example: alertKey: '' id: '5678' clusterId: '1234' ccg_etag: ccg_etag123xyz456 ccg_pin: NONE cookbook_etag: 20210420125956-20210511144538 hostname: megapod-useast1-secret-hostname.sailpoint.com internal_ip: 127.0.0.1 lastSeen: '1620843964604' sinceSeen: '14708' sinceSeenMillis: '14708' localDev: false stacktrace: '' state: null status: NORMAL uuid: null product: idn va_version: null platform_version: '2' os_version: 2345.3.1 os_type: flatcar hypervisor: unknown status: description: status of the Managed Client $ref: '#/components/schemas/ManagedClientStatusCode' example: NORMAL type: description: type of the Managed Client $ref: '#/components/schemas/ManagedClientType' example: CCG timestamp: description: timestamp on the Client Status update type: string format: date-time example: '2020-01-01T00:00:00.000000Z' ManagedClusterTypes: type: string description: | The Type of Cluster: * `idn` - IDN VA type * `iai` - IAI harvester VA * `spConnectCluster` - Saas 2.0 connector cluster (this should be one per org) * `sqsCluster` - This should be unused * `das-rc` - Data Access Security Resources Collector * `das-pc` - Data Access Security Permissions Collector * `das-dc` - Data Access Security Data Classification Collector * `pag` - Privilege Action Gateway VA * `das-am` - Data Access Security Activity Monitor * `standard` - Standard Cluster type for running multiple products example: idn enum: - idn - iai - spConnectCluster - sqsCluster - das-rc - das-pc - das-dc - pag - das-am - standard ManagedClusterKeyPair: description: Managed Cluster key pair for Cluster type: object title: Managed Cluster Key Pair properties: publicKey: nullable: true description: ManagedCluster publicKey type: string example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----' publicKeyThumbprint: nullable: true description: ManagedCluster publicKeyThumbprint type: string example: 6CMlaJIV44-xJxcB3CJBjDUUn54 publicKeyCertificate: nullable: true description: ManagedCluster publicKeyCertificate type: string example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----' ManagedClusterQueue: description: Managed Cluster key pair for Cluster type: object title: Managed Cluster Queue properties: name: description: ManagedCluster queue name type: string example: megapod-useast1-denali-lwt-cluster-1533 region: description: ManagedCluster queue aws region type: string example: us-east-1 ManagedClusterAttributes: description: Managed Cluster Attributes for Cluster Configuration. Supported Cluster Types [sqsCluster, spConnectCluster] type: object title: Managed Cluster Attributes properties: queue: description: ManagedCluster keystore for sqsCluster type $ref: '#/components/schemas/ManagedClusterQueue' keystore: nullable: true description: ManagedCluster keystore for spConnectCluster type type: string example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW ManagedClusterRedis: description: Managed Cluster Redis Configuration type: object title: Managed Cluster Redis properties: redisHost: description: ManagedCluster redisHost type: string example: megapod-useast1-shared-redis.cloud.sailpoint.com redisPort: description: ManagedCluster redisPort type: integer format: int32 example: 6379 StandardLevel: description: Standard Log4j log level type: string example: INFO enum: - 'OFF' - FATAL - ERROR - WARN - INFO - DEBUG - TRACE LogLevelSpec: description: Mapping of identifiers to Standard Log Level values type: object title: Log Level Spec example: INFO additionalProperties: default: INFO example: TRACE $ref: '#/components/schemas/StandardLevel' ClientLogConfiguration: description: Client Runtime Logging Configuration nullable: true type: object title: Client Log Configuration required: - rootLevel properties: clientId: description: Log configuration's client ID type: string example: 3a38a51992e8445ab51a549c0a70ee66 durationMinutes: description: Duration in minutes for log configuration to remain in effect before resetting to defaults. type: integer format: int32 example: 120 default: 240 minimum: 5 maximum: 1440 expiration: description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time. example: '2024-11-06T01:31:08.013164Z' type: string format: date-time rootLevel: description: Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). default: INFO example: INFO $ref: '#/components/schemas/StandardLevel' logLevels: description: Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). example: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG $ref: '#/components/schemas/LogLevelSpec' ManagedClusterEncryptionConfig: type: object title: Managed Cluster Encryption Configuration description: Defines the encryption settings for a managed cluster, including the format used for storing and processing encrypted data. properties: format: type: string description: Specifies the format used for encrypted data, such as secrets. The format determines how the encrypted data is structured and processed. example: V3 enum: - V2 - V3 ManagedCluster: description: Managed Cluster type: object title: Managed Cluster required: - id - clientType - ccgVersion properties: id: description: ManagedCluster ID type: string example: e1ff7bb24c934240bbf55e1aa39e41c5 name: description: ManagedCluster name type: string example: Managed Cluster Name pod: description: ManagedCluster pod type: string example: megapod-useast1 org: description: ManagedCluster org type: string example: denali type: description: The Type of Cluster example: idn nullable: false default: idn $ref: '#/components/schemas/ManagedClusterTypes' configuration: description: ManagedProcess configuration map type: object additionalProperties: type: string nullable: true example: clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5 clusterType: sqsCluster gmtOffset: '-5' keyPair: description: key pair for the ManagedCluster $ref: '#/components/schemas/ManagedClusterKeyPair' attributes: description: Specific Attributes for Configuring a ManagedCluster by Type $ref: '#/components/schemas/ManagedClusterAttributes' description: description: ManagedCluster description type: string default: q example: A short description of the managed cluster. redis: description: Redis configuration for the ManagedCluster $ref: '#/components/schemas/ManagedClusterRedis' clientType: description: type of client for the ManagedCluster $ref: '#/components/schemas/ManagedClientType' ccgVersion: description: CCG version used by the ManagedCluster type: string example: v01 pinnedConfig: description: boolean flag indicating whether or not the cluster configuration is pinned type: boolean default: false example: false logConfiguration: description: client log configuration for the cluster example: rootLevel: WARN logLevels: foobar: WARN $ref: '#/components/schemas/ClientLogConfiguration' operational: description: Whether or not the cluster is operational or not type: boolean default: false example: false status: description: Cluster status type: string enum: - CONFIGURING - FAILED - NO_CLIENTS - NORMAL - WARNING example: NORMAL publicKeyCertificate: nullable: true description: Public key certificate type: string example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----' publicKeyThumbprint: nullable: true description: Public key thumbprint type: string example: obc6pLiulGbtZ publicKey: nullable: true description: Public key type: string example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----' encryptionConfiguration: $ref: '#/components/schemas/ManagedClusterEncryptionConfig' alertKey: description: Key describing any immediate cluster alerts type: string example: LIMITED_RESOURCES clientIds: type: array description: List of clients in a cluster items: type: string example: - '1244' - '1245' serviceCount: description: Number of services bound to a cluster type: integer format: int32 default: 0 example: 6 ccId: description: CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished type: string default: '0' example: '1533' createdAt: description: The date/time this cluster was created example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time updatedAt: description: The date/time this cluster was last updated example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time lastReleaseNotifiedAt: description: The date/time this cluster was notified for the last release type: string format: date-time nullable: true example: '2025-03-11T07:00:13.729721Z' updatePreferences: description: The preference for applying updates for the cluster type: object properties: processGroups: description: The processGroups for updatePreferences type: string nullable: true example: processGroup1 updateState: description: The current updateState for the cluster type: string nullable: true enum: - null - AUTO - DISABLED example: DISABLED notificationEmail: description: The mail id to which new releases will be notified type: string format: email nullable: true example: test@mail.com currentInstalledReleaseVersion: description: The current installed release on the Managed cluster type: string nullable: true example: '123.1' updatePackage: description: New available updates for the Managed cluster type: string nullable: true example: 123.1.2 isOutOfDateNotifiedAt: description: The time at which out of date notification was sent for the Managed cluster type: string format: date-time nullable: true example: '2025-03-11T07:00:13.734393Z' consolidatedHealthIndicatorsStatus: description: The consolidated Health Status for the Managed cluster type: string nullable: true enum: - null - NORMAL - WARNING - ERROR example: ERROR ManagedClusterRequest: description: Request to create Managed Cluster type: object title: Managed Cluster Request required: - name properties: name: description: ManagedCluster name type: string nullable: false example: Managed Cluster Name type: description: The Type of Cluster example: idn $ref: '#/components/schemas/ManagedClusterTypes' configuration: description: ManagedProcess configuration map type: object additionalProperties: type: string example: clusterExternalId: externalId ccgVersion: 77.0.0 description: description: ManagedCluster description type: string nullable: true example: A short description of the managed cluster. ClientLogConfigurationDurationMinutes: description: Client Runtime Logging Configuration title: Set Duration Minutes nullable: true type: object required: - rootLevel properties: clientId: description: Log configuration's client ID type: string example: 3a38a51992e8445ab51a549c0a70ee66 durationMinutes: description: Duration in minutes for log configuration to remain in effect before resetting to defaults. type: integer format: int32 example: 120 default: 240 minimum: 5 maximum: 1440 rootLevel: description: Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). default: INFO example: INFO $ref: '#/components/schemas/StandardLevel' logLevels: description: Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). example: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG $ref: '#/components/schemas/LogLevelSpec' ClientLogConfigurationExpiration: description: Client Runtime Logging Configuration title: Set Expiration Date nullable: true type: object required: - rootLevel properties: clientId: description: Log configuration's client ID type: string example: 3a38a51992e8445ab51a549c0a70ee66 expiration: description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time. example: '2024-11-06T01:31:08.013164Z' type: string format: date-time rootLevel: description: Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). default: INFO example: INFO $ref: '#/components/schemas/StandardLevel' logLevels: description: Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). example: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG $ref: '#/components/schemas/LogLevelSpec' MfaOktaConfig: type: object title: Mfa Okta Config properties: mfaMethod: type: string nullable: true description: Mfa method name example: okta-verify enabled: type: boolean description: If MFA method is enabled. default: false example: true host: type: string nullable: true description: The server host name or IP address of the MFA provider. example: example.com accessKey: type: string nullable: true description: The secret key for authenticating requests to the MFA provider. example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: type: string nullable: true description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider. example: email MfaDuoConfig: type: object title: Mfa Duo Config properties: mfaMethod: type: string nullable: true description: Mfa method name example: duo-web enabled: type: boolean description: If MFA method is enabled. default: false example: true host: type: string nullable: true description: The server host name or IP address of the MFA provider. example: example.com accessKey: type: string nullable: true description: The secret key for authenticating requests to the MFA provider. example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: type: string nullable: true description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider. example: email configProperties: description: A map with additional config properties for the given MFA method - duo-web. type: object nullable: true additionalProperties: true example: skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x ikey: Q123WE45R6TY7890ZXCV KbaQuestion: description: KBA Configuration type: object title: Kba Question properties: id: type: string nullable: false description: KBA Question Id example: 143cfd3b-c23f-426b-ae5f-d3db06fa5919 text: type: string nullable: false description: KBA Question description example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]' hasAnswer: type: boolean nullable: false description: Denotes whether the KBA question has an answer configured for any user in the tenant example: true numAnswers: type: integer format: int32 nullable: false description: Denotes the number of KBA configurations for this question example: 5 required: - id - text - hasAnswer - numAnswers KbaAnswerRequestItem: type: object title: Kba Answer Request Item properties: id: type: string nullable: false description: Question Id example: c54fee53-2d63-4fc5-9259-3e93b9994135 answer: type: string nullable: false description: An answer for the KBA question example: Your answer required: - id - answer KbaAnswerResponseItem: type: object title: Kba Answer Response Item properties: id: type: string nullable: false description: Question Id example: c54fee53-2d63-4fc5-9259-3e93b9994135 question: type: string nullable: false description: Question description example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]' hasAnswer: type: boolean nullable: false description: Denotes whether the KBA question has an answer configured for the current user example: true required: - id - question - hasAnswer MfaConfigTestResponse: description: Response model for configuration test of a given MFA method type: object title: Mfa Config Test Response properties: state: type: string enum: - SUCCESS - FAILED description: The configuration test result. example: SUCCESS readOnly: true error: type: string example: MFA Method is disabled. description: The error message to indicate the failure of configuration test. readOnly: true OktaVerificationRequest: type: object title: Okta Verification Request properties: userId: type: string nullable: false description: User identifier for Verification request. The value of the user's attribute. example: example@mail.com required: - userId VerificationResponse: type: object title: Verification Response properties: requestId: type: string nullable: true description: The verificationPollRequest request ID example: 089899f13a8f4da7824996191587bab9 status: type: string enum: - PENDING - SUCCESS - FAILED - LOCKOUT - NOT_ENOUGH_DATA description: MFA Authentication status example: SUCCESS error: type: string nullable: true description: Error messages from MFA verification request example: Unable to connect DUO Service during verification DuoVerificationRequest: type: object title: Duo Verification Request properties: userId: type: string nullable: false description: User id for Verification request. example: 2c9180947f0ef465017f215cbcfd004b signedResponse: type: string nullable: false description: User id for Verification request. example: AUTH|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjUzMDg5|f1f5f8ced5b340f3d303b05d0efa0e43b6a8f970:APP|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjU2NjE5|cb44cf44353f5127edcae31b1da0355f87357db2 required: - userId - signedResponse VerificationPollRequest: type: object title: Verification Poll Request properties: requestId: type: string nullable: false description: Verification request Id example: 089899f13a8f4da7824996191587bab9 required: - requestId KbaAuthResponseItem: type: object title: Kba Auth Response Item properties: questionId: type: string nullable: true description: The KBA question id example: 089899f13a8f4da7824996191587bab9 isVerified: type: boolean nullable: true default: null description: Return true if verified example: true KbaAuthResponse: type: object title: Kba Auth Response properties: kbaAuthResponseItems: type: array example: - questionId: 089899f13a8f4da7824996191587bab9 isVerified: false items: $ref: '#/components/schemas/KbaAuthResponseItem' status: type: string enum: - PENDING - SUCCESS - FAILED - LOCKOUT - NOT_ENOUGH_DATA description: MFA Authentication status example: PENDING TokenAuthRequest: type: object title: Token Auth Request properties: token: nullable: false type: string description: Token value example: '12345' userAlias: nullable: false type: string description: User alias from table spt_identity field named 'name' example: will.albin deliveryType: nullable: false type: string enum: - SMS_PERSONAL - VOICE_PERSONAL - SMS_WORK - VOICE_WORK - EMAIL_WORK - EMAIL_PERSONAL description: Token delivery type example: EMAIL_WORK required: - token - userAlias - deliveryType TokenAuthResponse: type: object title: Token Auth Response properties: status: type: string enum: - PENDING - SUCCESS - FAILED - LOCKOUT - NOT_ENOUGH_DATA description: MFA Authentication status example: PENDING SendTokenRequest: type: object title: Send Token Request properties: userAlias: nullable: false type: string description: User alias from table spt_identity field named 'name' example: will.albin deliveryType: nullable: false type: string enum: - SMS_PERSONAL - VOICE_PERSONAL - SMS_WORK - VOICE_WORK - EMAIL_WORK - EMAIL_PERSONAL description: Token delivery type example: EMAIL_WORK required: - userAlias - deliveryType SendTokenResponse: type: object title: Send Token Response properties: requestId: type: string nullable: true description: The token request ID example: 089899f13a8f4da7824996191587bab9 status: type: string enum: - SUCCESS - FAILED description: Status of sending token example: SUCCESS errorMessage: type: string nullable: true description: Error messages from token send request example: Unable to sent text message NonEmployeeRecord: type: object properties: id: type: string format: UUID description: Non-Employee record id. example: ef38f94347e94562b5bb8424a56397d8 accountName: type: string description: Requested identity account name. example: Abby.Smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe sourceId: type: string description: Non-Employee's source id. example: 2c91808568c529c60168cca6f90c1313 data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing startDate: type: string format: date-time description: Non-Employee employment start date. example: '2019-08-23T18:52:59.162Z' endDate: type: string format: date-time description: Non-Employee employment end date. example: '2020-08-23T18:52:59.162Z' modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' NonEmployeeRequestBody: type: object properties: accountName: type: string description: Requested identity account name. example: william.smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe sourceId: type: string description: Non-Employee's source id. example: 2c91808568c529c60168cca6f90c1313 data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing startDate: type: string format: date-time description: Non-Employee employment start date. example: '2020-03-24T00:00:00-05:00' endDate: type: string format: date-time description: Non-Employee employment end date. example: '2021-03-25T00:00:00-05:00' required: - accountName - firstName - lastName - email - phone - manager - sourceId - startDate - endDate NonEmployeeSourceLite: type: object properties: id: type: string format: UUID description: Non-Employee source id. example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 sourceId: type: string description: Source Id associated with this non-employee source. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Source name associated with this non-employee source. example: Retail description: type: string description: Source description associated with this non-employee source. example: Source description NonEmployeeIdentityDtoType: type: string enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY description: Identifies if the identity is a normal identity or a governance group NonEmployeeIdentityReferenceWithId: type: object properties: type: $ref: '#/components/schemas/NonEmployeeIdentityDtoType' id: type: string description: Identity id example: 5168015d32f890ca15812c9180835d2e ApprovalStatus: type: string enum: - APPROVED - REJECTED - PENDING - NOT_READY - CANCELLED description: Enum representing the non-employee request approval status example: APPROVED NonEmployeeApprovalItemBase: type: object properties: id: type: string format: UUID description: Non-Employee approval item id example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c approver: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' description: Reference to the associated Identity accountName: type: string description: Requested identity account name example: test.account approvalStatus: $ref: '#/components/schemas/ApprovalStatus' approvalOrder: type: number description: Approval order example: 1 format: float comment: type: string description: comment of approver example: I approve modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' NonEmployeeRequest: allOf: - $ref: '#/components/schemas/NonEmployeeSourceLite' - type: object properties: accountName: type: string description: Requested identity account name. example: william.smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe nonEmployeeSource: $ref: '#/components/schemas/NonEmployeeSourceLite' data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing approvalItems: description: List of approval item for the request type: array items: $ref: '#/components/schemas/NonEmployeeApprovalItemBase' approvalStatus: $ref: '#/components/schemas/ApprovalStatus' comment: type: string description: Comment of requester example: approved completionDate: type: string format: date-time description: When the request was completely approved. example: '2020-03-24T11:11:41.139-05:00' startDate: type: string format: date-time description: Non-Employee employment start date. example: '2020-03-24T00:00:00-05:00' endDate: type: string format: date-time description: Non-Employee employment end date. example: '2021-03-25T00:00:00-05:00' modified: type: string format: date-time description: When the request was last modified. example: '2020-03-24T11:11:41.139-05:00' created: type: string format: date-time description: When the request was created. example: '2020-03-24T11:11:41.139-05:00' NonEmployeeRequestSummary: type: object properties: approved: type: integer description: The number of approved non-employee requests on all sources that *requested-for* user manages. example: 2 format: int32 rejected: type: integer description: The number of rejected non-employee requests on all sources that *requested-for* user manages. example: 2 format: int32 pending: type: integer description: The number of pending non-employee requests on all sources that *requested-for* user manages. example: 2 format: int32 nonEmployeeCount: type: integer description: The number of non-employee records on all sources that *requested-for* user manages. example: 2 format: int32 NonEmployeeSource: allOf: - $ref: '#/components/schemas/NonEmployeeSourceLite' - type: object properties: approvers: description: List of approvers type: array items: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' accountManagers: description: List of account managers type: array items: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' NonEmployeeSourceWithNECount: allOf: - $ref: '#/components/schemas/NonEmployeeSource' - type: object properties: nonEmployeeCount: type: integer description: Number of non-employee records associated with this source. This value is 'NULL' by default. To get the non-employee count, you must set the `non-employee-count` flag in your request to 'true'. format: int32 example: 120 nullable: true NonEmployeeIdnUserRequest: type: object properties: id: type: string format: UUID description: Identity id. example: 2c91808570313110017040b06f344ec9 required: - id NonEmployeeSourceRequestBody: type: object properties: name: type: string description: Name of non-employee source. example: Retail description: type: string description: Description of non-employee source. example: Source description owner: description: Owner of non-employee source. $ref: '#/components/schemas/NonEmployeeIdnUserRequest' managementWorkgroup: type: string description: The ID for the management workgroup that contains source sub-admins example: '123299' approvers: description: List of approvers. type: array items: $ref: '#/components/schemas/NonEmployeeIdnUserRequest' maxItems: 3 accountManagers: description: List of account managers. type: array items: $ref: '#/components/schemas/NonEmployeeIdnUserRequest' maxItems: 10 required: - owner - name - description NonEmployeeSourceWithCloudExternalId: allOf: - $ref: '#/components/schemas/NonEmployeeSource' - type: object properties: cloudExternalId: type: string description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present. example: '99999' NonEmployeeBulkUploadJob: type: object properties: id: type: string description: The bulk upload job's ID. (UUID) example: 2c91808568c529c60168cca6f90cffff sourceId: type: string description: The ID of the source to bulk-upload non-employees to. (UUID) example: 2c91808568c529c60168cca6f90c1313 created: type: string format: date-time description: The date-time the job was submitted. example: '2019-08-23T18:52:59.162Z' modified: type: string format: date-time description: The date-time that the job was last updated. example: '2019-08-23T18:52:59.162Z' status: type: string enum: - PENDING - IN_PROGRESS - COMPLETED - ERROR description: | Returns the following values indicating the progress or result of the bulk upload job. "PENDING" means the job is queued and waiting to be processed. "IN_PROGRESS" means the job is currently being processed. "COMPLETED" means the job has been completed without any errors. "ERROR" means the job failed to process with errors. example: PENDING NonEmployeeBulkUploadStatus: type: object properties: status: type: string enum: - PENDING - IN_PROGRESS - COMPLETED - ERROR description: | Returns the following values indicating the progress or result of the bulk upload job. "PENDING" means the job is queued and waiting to be processed. "IN_PROGRESS" means the job is currently being processed. "COMPLETED" means the job has been completed without any errors. "ERROR" means the job failed to process with errors. null means job has been submitted to the source. example: PENDING NonEmployeeRequestLite: type: object properties: id: type: string format: UUID description: Non-Employee request id. example: ac110005-7156-1150-8171-5b292e3e0084 requester: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' example: type: IDENTITY id: 2c9180866166b5b0016167c32ef31a66 name: William Smith NonEmployeeApprovalItem: allOf: - $ref: '#/components/schemas/NonEmployeeApprovalItemBase' - type: object properties: nonEmployeeRequest: $ref: '#/components/schemas/NonEmployeeRequestLite' NonEmployeeSchemaAttributeType: type: string enum: - TEXT - DATE - IDENTITY description: Enum representing the type of data a schema attribute accepts. example: TEXT NonEmployeeSchemaAttribute: type: object properties: id: type: string format: UUID example: ac110005-7156-1150-8171-5b292e3e0084 description: Schema Attribute Id system: type: boolean description: True if this schema attribute is mandatory on all non-employees sources. example: true default: false modified: type: string format: date-time description: When the schema attribute was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the schema attribute was created. example: '2019-08-23T18:40:35.772Z' type: $ref: '#/components/schemas/NonEmployeeSchemaAttributeType' label: type: string description: Label displayed on the UI for this schema attribute. example: Account Name technicalName: type: string description: The technical name of the attribute. Must be unique per source. example: account.name helpText: type: string description: help text displayed by UI. example: The unique identifier for the account placeholder: type: string description: Hint text that fills UI box. example: Enter a unique user name for this account. required: type: boolean description: If true, the schema attribute is required for all non-employees in the source example: true default: false required: - type - technicalName - label NonEmployeeSourceLiteWithSchemaAttributes: allOf: - $ref: '#/components/schemas/NonEmployeeSourceLite' - type: object properties: schemaAttributes: description: List of schema attributes associated with this non-employee source. type: array items: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' NonEmployeeRequestWithoutApprovalItem: allOf: - $ref: '#/components/schemas/NonEmployeeRequestLite' - type: object properties: accountName: type: string description: Requested identity account name. example: william.smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe nonEmployeeSource: $ref: '#/components/schemas/NonEmployeeSourceLiteWithSchemaAttributes' data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing approvalStatus: $ref: '#/components/schemas/ApprovalStatus' comment: type: string description: Comment of requester example: approved completionDate: type: string format: date-time description: When the request was completely approved. example: '2020-03-24T11:11:41.139-05:00' startDate: type: string format: date description: Non-Employee employment start date. example: '2020-03-24' endDate: type: string format: date description: Non-Employee employment end date. example: '2021-03-25' modified: type: string format: date-time description: When the request was last modified. example: '2020-03-24T11:11:41.139-05:00' created: type: string format: date-time description: When the request was created. example: '2020-03-24T11:11:41.139-05:00' NonEmployeeApprovalItemDetail: allOf: - $ref: '#/components/schemas/NonEmployeeApprovalItemBase' - type: object properties: nonEmployeeRequest: $ref: '#/components/schemas/NonEmployeeRequestWithoutApprovalItem' description: Non-Employee request associated to this approval NonEmployeeApprovalDecision: type: object properties: comment: type: string description: Comment on the approval item. maxLength: 4000 example: Approved by manager NonEmployeeRejectApprovalDecision: type: object properties: comment: type: string description: Comment on the approval item. maxLength: 4000 example: approved required: - comment NonEmployeeApprovalSummary: type: object properties: approved: type: integer description: The number of approved non-employee approval requests. format: int32 example: 2 pending: type: integer description: The number of pending non-employee approval requests. format: int32 example: 2 rejected: type: integer description: The number of rejected non-employee approval requests. format: int32 example: 2 NonEmployeeSchemaAttributeBody: type: object properties: type: type: string description: Type of the attribute. Only type 'TEXT' is supported for custom attributes. example: TEXT label: type: string description: Label displayed on the UI for this schema attribute. example: Account Name technicalName: type: string description: The technical name of the attribute. Must be unique per source. example: account.name helpText: type: string description: help text displayed by UI. example: The unique identifier for the account placeholder: type: string description: Hint text that fills UI box. example: Enter a unique user name for this account. required: type: boolean description: If true, the schema attribute is required for all non-employees in the source example: true required: - type - technicalName - label GrantType: description: OAuth2 Grant Type type: string example: CLIENT_CREDENTIALS enum: - CLIENT_CREDENTIALS - AUTHORIZATION_CODE - REFRESH_TOKEN AccessType: type: string enum: - ONLINE - OFFLINE description: Access type of API Client indicating online or offline use example: OFFLINE ClientType: type: string enum: - CONFIDENTIAL - PUBLIC description: Type of an API Client indicating public or confidentials use example: CONFIDENTIAL GetOAuthClientResponse: type: object title: Get O Auth Client Response properties: id: type: string description: ID of the OAuth client example: 2c9180835d2e5168015d32f890ca1581 businessName: type: string nullable: true description: The name of the business the API Client should belong to example: Acme-Solar homepageUrl: type: string nullable: true description: The homepage URL associated with the owner of the API Client example: http://localhost:12345 name: type: string description: A human-readable name for the API Client example: Demo API Client description: type: string nullable: true description: A description of the API Client example: An API client used for the authorization_code, refresh_token, and client_credentials flows accessTokenValiditySeconds: type: integer format: int32 description: The number of seconds an access token generated for this API Client is valid for example: 750 refreshTokenValiditySeconds: type: integer format: int32 description: The number of seconds a refresh token generated for this API Client is valid for example: 86400 redirectUris: type: array nullable: true items: type: string description: A list of the approved redirect URIs used with the authorization_code flow example: - http://localhost:12345 grantTypes: type: array items: $ref: '#/components/schemas/GrantType' description: A list of OAuth 2.0 grant types this API Client can be used with example: - AUTHORIZATION_CODE - CLIENT_CREDENTIALS - REFRESH_TOKEN accessType: $ref: '#/components/schemas/AccessType' description: The access type (online or offline) of this API Client example: OFFLINE type: $ref: '#/components/schemas/ClientType' description: The type of the API Client (public or confidential) example: CONFIDENTIAL internal: type: boolean description: An indicator of whether the API Client can be used for requests internal to IDN example: false enabled: type: boolean description: An indicator of whether the API Client is enabled for use example: true strongAuthSupported: type: boolean description: An indicator of whether the API Client supports strong authentication example: false claimsSupported: type: boolean description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow example: false created: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was created example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was last updated example: '2018-06-25T20:22:28.104Z' secret: type: string nullable: true metadata: type: string nullable: true lastUsed: type: string nullable: true format: date-time description: The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed. example: '2017-07-11T18:45:37.098Z' scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the API Client. example: - demo:api-client-scope:first - demo:api-client-scope:second required: - id - businessName - homepageUrl - name - description - accessTokenValiditySeconds - refreshTokenValiditySeconds - redirectUris - grantTypes - accessType - type - internal - enabled - strongAuthSupported - claimsSupported - created - modified - scope CreateOAuthClientRequest: type: object title: Create O Auth Client Request properties: businessName: type: string nullable: true description: The name of the business the API Client should belong to example: Acme-Solar homepageUrl: type: string nullable: true description: The homepage URL associated with the owner of the API Client example: http://localhost:12345 name: type: string nullable: true description: A human-readable name for the API Client example: Demo API Client description: type: string nullable: true description: A description of the API Client example: An API client used for the authorization_code, refresh_token, and client_credentials flows accessTokenValiditySeconds: description: The number of seconds an access token generated for this API Client is valid for type: integer format: int32 example: 750 refreshTokenValiditySeconds: description: The number of seconds a refresh token generated for this API Client is valid for example: 86400 type: integer format: int32 redirectUris: type: array nullable: true items: type: string description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client. example: - http://localhost:12345 grantTypes: type: array nullable: true items: $ref: '#/components/schemas/GrantType' description: A list of OAuth 2.0 grant types this API Client can be used with example: - AUTHORIZATION_CODE - CLIENT_CREDENTIALS - REFRESH_TOKEN accessType: $ref: '#/components/schemas/AccessType' description: The access type (online or offline) of this API Client example: OFFLINE type: $ref: '#/components/schemas/ClientType' description: The type of the API Client (public or confidential) example: CONFIDENTIAL internal: type: boolean description: An indicator of whether the API Client can be used for requests internal within the product. example: false enabled: type: boolean description: An indicator of whether the API Client is enabled for use example: true strongAuthSupported: type: boolean description: An indicator of whether the API Client supports strong authentication example: false claimsSupported: type: boolean description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow example: false scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it. example: - demo:api-client-scope:first - demo:api-client-scope:second required: - name - description - accessTokenValiditySeconds - grantTypes - accessType - enabled CreateOAuthClientResponse: type: object title: Create O Auth Client Response properties: id: type: string description: ID of the OAuth client example: 2c9180835d2e5168015d32f890ca1581 secret: type: string description: Secret of the OAuth client (This field is only returned on the intial create call.) example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3 businessName: type: string description: The name of the business the API Client should belong to example: Acme-Solar homepageUrl: type: string description: The homepage URL associated with the owner of the API Client example: http://localhost:12345 name: type: string description: A human-readable name for the API Client example: Demo API Client description: type: string description: A description of the API Client example: An API client used for the authorization_code, refresh_token, and client_credentials flows accessTokenValiditySeconds: description: The number of seconds an access token generated for this API Client is valid for example: 750 type: integer format: int32 refreshTokenValiditySeconds: description: The number of seconds a refresh token generated for this API Client is valid for example: 86400 type: integer format: int32 redirectUris: type: array items: type: string description: A list of the approved redirect URIs used with the authorization_code flow example: - http://localhost:12345 grantTypes: type: array items: $ref: '#/components/schemas/GrantType' description: A list of OAuth 2.0 grant types this API Client can be used with example: - AUTHORIZATION_CODE - CLIENT_CREDENTIALS - REFRESH_TOKEN accessType: $ref: '#/components/schemas/AccessType' description: The access type (online or offline) of this API Client example: OFFLINE type: $ref: '#/components/schemas/ClientType' description: The type of the API Client (public or confidential) example: CONFIDENTIAL internal: type: boolean description: An indicator of whether the API Client can be used for requests internal to IDN example: false enabled: type: boolean description: An indicator of whether the API Client is enabled for use example: true strongAuthSupported: type: boolean description: An indicator of whether the API Client supports strong authentication example: false claimsSupported: type: boolean description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow example: false created: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was created example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was last updated example: '2018-06-25T20:22:28.104Z' scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the API Client. example: - demo:api-client-scope:first - demo:api-client-scope:second required: - id - secret - businessName - homepageUrl - name - description - accessTokenValiditySeconds - refreshTokenValiditySeconds - redirectUris - grantTypes - accessType - type - internal - enabled - strongAuthSupported - claimsSupported - created - modified - scope PasswordSyncGroup: type: object title: Password Sync Group properties: id: type: string description: ID of the sync group example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: description: Name of the sync group type: string example: Password Sync Group 1 passwordPolicyId: type: string description: ID of the password policy example: 2c91808d744ba0ce01746f93b6204501 sourceIds: type: array description: List of password managed sources IDs items: type: string example: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 created: type: string description: The date and time this sync group was created format: date-time example: '2023-03-16T04:00:00Z' nullable: true modified: type: string description: The date and time this sync group was last modified format: date-time example: '2023-03-16T04:00:00Z' nullable: true PasswordPolicyV3Dto: type: object title: Password Policy V 3 Dto properties: id: type: string description: The password policy Id. example: 2c91808e7d976f3b017d9f5ceae440c8 description: type: string nullable: true description: Description for current password policy. example: Information about the Password Policy name: type: string description: The name of the password policy. example: PasswordPolicy Example dateCreated: type: string format: date-time description: Date the Password Policy was created. example: 1639056206564 lastUpdated: type: string nullable: true format: date-time description: Date the Password Policy was updated. example: 1939056206564 firstExpirationReminder: type: integer format: int64 description: The number of days before expiration remaninder. example: 45 accountIdMinWordLength: type: integer format: int64 description: The minimun length of account Id. By default is equals to -1. example: 4 accountNameMinWordLength: type: integer format: int64 description: The minimun length of account name. By default is equals to -1. example: 6 minAlpha: type: integer format: int64 description: Maximum alpha. By default is equals to 0. example: 5 minCharacterTypes: type: integer format: int64 description: MinCharacterTypes. By default is equals to -1. example: 5 maxLength: type: integer format: int64 description: Maximum length of the password. example: 25 minLength: type: integer format: int64 description: Minimum length of the password. By default is equals to 0. example: 8 maxRepeatedChars: type: integer format: int64 description: Maximum repetition of the same character in the password. By default is equals to -1. example: 3 minLower: type: integer format: int64 description: Minimum amount of lower case character in the password. By default is equals to 0. example: 8 minNumeric: type: integer format: int64 description: Minimum amount of numeric characters in the password. By default is equals to 0. example: 8 minSpecial: type: integer format: int64 description: Minimum amount of special symbols in the password. By default is equals to 0. example: 8 minUpper: type: integer format: int64 description: Minimum amount of upper case symbols in the password. By default is equals to 0. example: 8 passwordExpiration: type: integer format: int64 description: Number of days before current password expires. By default is equals to 90. example: 8 defaultPolicy: type: boolean description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default. example: true default: false enablePasswdExpiration: type: boolean description: Defines whether this policy is enabled to expire or not. This field is false by default. example: true default: false requireStrongAuthn: type: boolean description: Defines whether this policy require strong Auth or not. This field is false by default. example: true default: false requireStrongAuthOffNetwork: type: boolean description: Defines whether this policy require strong Auth of network or not. This field is false by default. example: true default: false requireStrongAuthUntrustedGeographies: type: boolean description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default. example: true default: false useAccountAttributes: type: boolean description: Defines whether this policy uses account attributes or not. This field is false by default. example: false default: false useDictionary: type: boolean description: Defines whether this policy uses dictionary or not. This field is false by default. example: false default: false useIdentityAttributes: type: boolean description: Defines whether this policy uses identity attributes or not. This field is false by default. example: false default: false validateAgainstAccountId: type: boolean description: Defines whether this policy validate against account id or not. This field is false by default. example: false default: false validateAgainstAccountName: type: boolean description: Defines whether this policy validate against account name or not. This field is false by default. example: true default: false created: type: string nullable: true modified: type: string nullable: true sourceIds: type: array description: List of sources IDs managed by this password policy. items: type: string example: - 2c91808382ffee0b01830de154f14034 - 2f98808382ffee0b01830de154f12134 PatOwner: type: object title: Pat Owner description: Personal access token owner's identity. properties: type: type: string description: Personal access token owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Personal access token owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Personal access token owner's human-readable display name. example: Support GetPersonalAccessTokenResponse: type: object title: Get Personal Access Token Response properties: id: type: string description: The ID of the personal access token (to be used as the username for Basic Auth). example: 86f1dc6fe8f54414950454cbb11278fa name: type: string description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. example: NodeJS Integration scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the personal access token. example: - demo:personal-access-token-scope:first - demo:personal-access-token-scope:second owner: $ref: '#/components/schemas/PatOwner' created: type: string format: date-time description: The date and time, down to the millisecond, when this personal access token was created. example: '2017-07-11T18:45:37.098Z' lastUsed: type: string nullable: true format: date-time description: The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed. example: '2017-07-11T18:45:37.098Z' managed: type: boolean default: false example: false description: If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows. accessTokenValiditySeconds: type: integer format: int32 default: 43200 example: 36900 description: Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200. expirationDate: type: string format: date-time default: 6 Months from created date example: '2018-01-11T18:45:37.098Z' description: Date and time, down to the millisecond, when this personal access token will expire. If not provided, the token will expire 6 months after its creation date. The value must be a valid date-time string between the current date and 6 months from the creation date. required: - id - name - scope - owner - created CreatePersonalAccessTokenRequest: type: object title: Create Personal Access Token Request description: Object for specifying the name of a personal access token to create properties: name: type: string description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created. example: NodeJS Integration scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it. example: - demo:personal-access-token-scope:first - demo:personal-access-token-scope:second accessTokenValiditySeconds: type: integer nullable: true format: int32 minimum: 15 maximum: 43200 items: type: integer format: int32 default: 43200 description: Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200. example: 36900 expirationDate: type: string nullable: true format: date-time items: type: string format: date-time default: 6 Months from created date description: Date and time, down to the millisecond, when this personal access token will expire. If not provided, the token will expire 6 months after its creation date. The value must be a valid date-time string between the current date and 6 months from the creation date. example: '2018-01-11T18:45:37.098Z' required: - name CreatePersonalAccessTokenResponse: type: object title: Create Personal Access Token Response properties: id: type: string description: The ID of the personal access token (to be used as the username for Basic Auth). example: 86f1dc6fe8f54414950454cbb11278fa secret: type: string description: The secret of the personal access token (to be used as the password for Basic Auth). example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9 scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the personal access token. example: - demo:personal-access-token-scope:first - demo:personal-access-token-scope:second name: type: string description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. example: NodeJS Integration owner: $ref: '#/components/schemas/PatOwner' created: type: string format: date-time description: The date and time, down to the millisecond, when this personal access token was created. example: '2017-07-11T18:45:37.098Z' accessTokenValiditySeconds: type: integer format: int32 items: type: integer format: int32 default: 43200 description: Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200. example: 36900 expirationDate: type: string format: date-time items: type: string format: date-time default: 6 Months from created date description: Date and time, down to the millisecond, when this personal access token will expire. If not provided, the token will expire 6 months after its creation date. The value must be a valid date-time string between the current date and 6 months from the creation date. example: '2018-01-11T18:45:37.098Z' required: - id - secret - scope - name - owner - created - accessTokenValiditySeconds - expirationDate IdentityReference: type: object title: Identity Reference nullable: true description: The manager for the identity. properties: type: $ref: '#/components/schemas/DtoType' example: IDENTITY id: type: string description: Identity id example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Human-readable display name of identity. example: Thomas Edison PublicIdentity: type: object title: Public Identity description: Details about a public identity properties: id: type: string description: Identity id example: 2c9180857182305e0171993735622948 name: type: string description: Human-readable display name of identity. example: Alison Ferguso alias: type: string description: Alternate unique identifier for the identity. example: alison.ferguso email: nullable: true type: string description: Email address of identity. example: alison.ferguso@acme-solar.com status: nullable: true type: string description: The lifecycle status for the identity example: Active identityState: nullable: true type: string enum: - ACTIVE - INACTIVE_SHORT_TERM - INACTIVE_LONG_TERM - null example: ACTIVE description: | The current state of the identity, which determines how Identity Security Cloud interacts with the identity. An identity that is Active will be included identity picklists in Request Center, identity processing, and more. Identities that are Inactive will be excluded from these features. manager: $ref: '#/components/schemas/IdentityReference' description: An identity reference to the manager of this identity attributes: type: array description: The public identity attributes of the identity items: type: object properties: key: type: string description: The attribute key example: country name: type: string description: Human-readable display name of the attribute example: Country value: type: string description: The attribute value example: US nullable: true PublicIdentityAttributeConfig: type: object title: Public Identity Attribute Config description: Used to map an attribute key for an Identity to its display name. properties: key: type: string description: The attribute key example: country name: type: string description: The attribute display name example: Country PublicIdentityConfig: type: object title: Public Identity Config description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. properties: attributes: type: array description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. items: $ref: '#/components/schemas/PublicIdentityAttributeConfig' modified: nullable: true type: string description: When this configuration was last modified. format: date-time example: '2018-06-25T20:22:28.104Z' modifiedBy: description: The identity who last modified this configuration. $ref: '#/components/schemas/IdentityReference' AccessProfileRef: type: object properties: id: type: string description: ID of the Access Profile example: ff808081751e6e129f1518161919ecca type: type: string description: Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result. enum: - ACCESS_PROFILE example: ACCESS_PROFILE name: type: string description: Human-readable display name of the Access Profile. This field is ignored on input. example: Access Profile 2567 RoleMembershipSelectorType: type: string enum: - STANDARD - IDENTITY_LIST description: |- This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: STANDARD: Indicates that Role membership is defined in terms of a criteria expression IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed example: IDENTITY_LIST RoleCriteriaOperation: type: string enum: - EQUALS - NOT_EQUALS - CONTAINS - STARTS_WITH - ENDS_WITH - AND - OR description: An operation example: EQUALS RoleCriteriaKeyType: type: string enum: - IDENTITY - ACCOUNT - ENTITLEMENT description: Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively. example: ACCOUNT RoleCriteriaKey: type: object nullable: true description: Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria properties: type: $ref: '#/components/schemas/RoleCriteriaKeyType' property: type: string description: The name of the attribute or entitlement to which the associated criteria applies. example: attribute.email sourceId: type: string nullable: true description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT example: 2c9180867427f3a301745aec18211519 required: - type - property RoleCriteriaLevel3: type: object description: Defines STANDARD type Role membership properties: operation: $ref: '#/components/schemas/RoleCriteriaOperation' key: $ref: '#/components/schemas/RoleCriteriaKey' stringValue: type: string description: String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com RoleCriteriaLevel2: type: object nullable: true description: Defines STANDARD type Role membership properties: operation: $ref: '#/components/schemas/RoleCriteriaOperation' key: $ref: '#/components/schemas/RoleCriteriaKey' stringValue: type: string nullable: true description: String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/RoleCriteriaLevel3' nullable: true description: Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa. RoleCriteriaLevel1: type: object nullable: true description: Defines STANDARD type Role membership properties: operation: $ref: '#/components/schemas/RoleCriteriaOperation' key: $ref: '#/components/schemas/RoleCriteriaKey' stringValue: type: string nullable: true description: String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/RoleCriteriaLevel2' nullable: true description: Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa. RoleMembershipIdentity: type: object description: A reference to an Identity in an IDENTITY_LIST role membership criteria. properties: type: $ref: '#/components/schemas/DtoType' nullable: true example: IDENTITY id: type: string description: Identity id example: 2c9180a46faadee4016fb4e018c20639 name: type: string nullable: true description: Human-readable display name of the Identity. example: Thomas Edison aliasName: type: string nullable: true description: User name of the Identity example: t.edison RoleMembershipSelector: type: object nullable: true description: When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities. properties: type: $ref: '#/components/schemas/RoleMembershipSelectorType' criteria: $ref: '#/components/schemas/RoleCriteriaLevel1' nullable: true identities: type: array items: $ref: '#/components/schemas/RoleMembershipIdentity' nullable: true description: Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST. ApprovalSchemeForRole: type: object properties: approverType: type: string enum: - OWNER - MANAGER - GOVERNANCE_GROUP - WORKFLOW description: |- Describes the individual or group that is responsible for an approval step. Values are as follows. **OWNER**: Owner of the associated Role **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field **WORKFLOW**: A Workflow, the ID of which is specified by the **approverId** field. Workflow is exclusive to other types of approvals and License required. example: GOVERNANCE_GROUP approverId: type: string nullable: true description: Id of the specific approver, used when approverType is GOVERNANCE_GROUP or WORKFLOW. example: 46c79819-a69f-49a2-becb-12c971ae66c6 RequestabilityForRole: type: object properties: commentsRequired: type: boolean description: Whether the requester of the containing object must provide comments justifying the request example: true nullable: true default: false denialCommentsRequired: type: boolean description: Whether an approver must provide comments when denying the request example: true nullable: true default: false reauthorizationRequired: type: boolean description: Indicates whether reauthorization is required for the request. example: true nullable: true default: false requireEndDate: type: boolean description: Indicates whether the requester of the containing object must provide access end date. example: true default: false maxPermittedAccessDuration: $ref: '#/components/schemas/AccessDuration' nullable: true approvalSchemes: type: array description: List describing the steps in approving the request items: $ref: '#/components/schemas/ApprovalSchemeForRole' RevocabilityForRole: type: object properties: commentsRequired: type: boolean description: Whether the requester of the containing object must provide comments justifying the request example: false nullable: true default: false denialCommentsRequired: type: boolean description: Whether an approver must provide comments when denying the request example: false nullable: true default: false approvalSchemes: type: array description: List describing the steps in approving the revocation request items: $ref: '#/components/schemas/ApprovalSchemeForRole' DimensionRef: type: object properties: type: type: string enum: - DIMENSION description: The type of the object to which this reference applies example: DIMENSION id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: Role 2 Role: type: object description: A Role properties: id: type: string description: The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result. example: 2c918086749d78830174a1a40e121518 name: type: string description: The human-readable display name of the Role maxLength: 128 example: Role 2567 created: type: string description: Date the Role was created format: date-time example: '2021-03-01T22:32:58.104Z' readOnly: true modified: type: string description: Date the Role was last modified. format: date-time example: '2021-03-02T20:22:28.104Z' readOnly: true description: type: string nullable: true description: A human-readable description of the Role example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. owner: $ref: '#/components/schemas/OwnerReference' accessProfiles: type: array items: $ref: '#/components/schemas/AccessProfileRef' nullable: true entitlements: type: array items: $ref: '#/components/schemas/EntitlementRef' membership: $ref: '#/components/schemas/RoleMembershipSelector' nullable: true legacyMembershipInfo: type: object nullable: true description: This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration. example: type: IDENTITY_LIST additionalProperties: true enabled: type: boolean description: Whether the Role is enabled or not. example: true default: false requestable: type: boolean description: Whether the Role can be the target of access requests. example: true default: false accessRequestConfig: $ref: '#/components/schemas/RequestabilityForRole' nullable: true description: Access request configuration for this object revocationRequestConfig: $ref: '#/components/schemas/RevocabilityForRole' nullable: true default: null description: Revocation request configuration for this object. segments: type: array items: type: string nullable: true description: List of IDs of segments, if any, to which this Role is assigned. example: - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 - 29cb6c06-1da8-43ea-8be4-b3125f248f2a dimensional: description: Whether the Role is dimensional. type: boolean nullable: true default: false dimensionRefs: type: array items: $ref: '#/components/schemas/DimensionRef' nullable: true description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional. accessModelMetadata: $ref: '#/components/schemas/AttributeDTOList' example: - key: iscFederalClassifications name: Federal Classifications multiselect: true status: active type: governance objectTypes: - general description: Classification used by government organizations to specify the level of confidentiality for an access item. values: - value: secret name: Secret status: active required: - name - owner RoleBulkDeleteRequest: type: object properties: roleIds: description: List of IDs of Roles to be deleted. type: array items: type: string example: - 2c9180847812e0b1017817051919ecca - 2c9180887812e0b201781e129f151816 required: - roleIds TaskResultDto: type: object title: Task Result Dto description: Task result. properties: type: type: string description: Task result DTO type. enum: - TASK_RESULT example: TASK_RESULT id: type: string description: Task result ID. example: 464ae7bf791e49fdb74606a2e4a89635 name: type: string description: Task result display name. nullable: true example: null RoleAssignmentSourceType: type: string enum: - ACCESS_REQUEST - ROLE_MEMBERSHIP description: Type which indicates how a particular Identity obtained a particular Role example: ACCESS_REQUEST RoleIdentity: type: object description: A subset of the fields of an Identity which is a member of a Role. properties: id: type: string description: The ID of the Identity example: 2c9180a46faadee4016fb4e018c20639 aliasName: type: string description: The alias / username of the Identity example: t.edison name: type: string description: The human-readable display name of the Identity example: Thomas Edison email: type: string description: Email address of the Identity example: t.edison@identitynow.com roleAssignmentSource: $ref: '#/components/schemas/RoleAssignmentSourceType' TypedReference: type: object description: | A typed reference to the object. properties: type: $ref: '#/components/schemas/DtoType' id: description: | The id of the object. type: string example: 2c91808568c529c60168cca6f90c1313 required: - type - id SavedSearchName: type: object properties: name: description: | The name of the saved search. type: string example: Disabled accounts description: description: | The description of the saved search. type: string nullable: true example: Disabled accounts DateTime: type: string nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' description: A date-time in ISO-8601 format Index: description: |- Enum representing the currently supported indices. Additional values may be added in the future without notice. type: string enum: - accessprofiles - accountactivities - entitlements - events - identities - roles - '*' example: identities Column: type: object properties: field: description: | The name of the field. type: string example: email header: description: | The value of the header. type: string example: Work Email required: - field FilterType: description: |- Enum representing the currently supported filter types. Additional values may be added in the future without notice. type: string enum: - EXISTS - RANGE - TERMS example: RANGE Bound: type: object required: - value properties: value: description: The value of the range's endpoint. type: string example: '1' inclusive: description: Indicates if the endpoint is included in the range. type: boolean default: false example: false Range: type: object description: The range of values to be filtered. properties: lower: description: The lower bound of the range. $ref: '#/components/schemas/Bound' upper: description: The upper bound of the range. $ref: '#/components/schemas/Bound' Filter: type: object properties: type: $ref: '#/components/schemas/FilterType' range: $ref: '#/components/schemas/Range' terms: description: The terms to be filtered. type: array items: type: string example: account_count exclude: description: Indicates if the filter excludes results. type: boolean default: false example: false SavedSearchDetail: type: object properties: created: description: | The date the saved search was initially created. $ref: '#/components/schemas/DateTime' modified: description: | The last date the saved search was modified. $ref: '#/components/schemas/DateTime' indices: description: | The names of the Elasticsearch indices in which to search. type: array items: $ref: '#/components/schemas/Index' example: - identities columns: description: | The columns to be returned (specifies the order in which they will be presented) for each document type. The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. type: object additionalProperties: type: array items: $ref: '#/components/schemas/Column' example: identity: - field: displayName header: Display Name - field: e-mail header: Work Email query: description: | The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. type: string example: '@accounts(disabled:true)' fields: description: | The fields to be searched against in a multi-field query. type: array nullable: true items: type: string example: - disabled orderBy: description: | Sort by index. This takes precedence over the `sort` property. type: object additionalProperties: type: array items: type: string nullable: true example: identity: - lastName - firstName role: - name sort: description: | The fields to be used to sort the search results. type: array items: type: string example: - displayName nullable: true filters: nullable: true allOf: - type: object description: The filters to be applied for each filtered field name. example: attributes.cloudAuthoritativeSource: type: EXISTS exclude: true accessCount: type: RANGE range: lower: value: '3' created: type: RANGE range: lower: value: '2019-12-01' inclusive: true upper: value: '2020-01-01' source.name: type: TERMS terms: - HR Employees - Corporate Active Directory exclude: true protected: type: TERMS terms: - 'true' - $ref: '#/components/schemas/Filter' required: - indices - query SearchArguments: type: object properties: scheduleId: description: | The ID of the scheduled search that triggered the saved search execution. type: string example: 7a724640-0c17-4ce9-a8c3-4a89738459c8 owner: description: | The owner of the scheduled search being tested. allOf: - $ref: '#/components/schemas/TypedReference' recipients: description: | The email recipients of the scheduled search being tested. type: array items: $ref: '#/components/schemas/TypedReference' ScheduledSearchName: type: object properties: name: description: | The name of the scheduled search. type: string example: Daily disabled accounts nullable: true description: description: | The description of the scheduled search. type: string nullable: true example: Daily disabled accounts ScheduleType: description: | Enum representing the currently supported schedule types. Additional values may be added in the future without notice. type: string enum: - DAILY - WEEKLY - MONTHLY - CALENDAR - ANNUALLY example: WEEKLY SelectorType: description: | Enum representing the currently supported selector types. LIST - the *values* array contains one or more distinct values. RANGE - the *values* array contains two values: the start and end of the range, inclusive. Additional values may be added in the future without notice. type: string enum: - LIST - RANGE example: LIST Selector: type: object properties: type: $ref: '#/components/schemas/SelectorType' values: description: | The selected values. type: array items: type: string example: - MON - WED interval: nullable: true description: | The selected interval for RANGE selectors. type: integer format: int32 example: 3 required: - type - values SearchSchedule: type: object properties: savedSearchId: description: The ID of the saved search that will be executed. type: string example: 554f1511-f0a1-4744-ab14-599514d3e57c created: allOf: - $ref: '#/components/schemas/DateTime' description: The date the scheduled search was initially created. readOnly: true modified: allOf: - $ref: '#/components/schemas/DateTime' description: The last date the scheduled search was modified. readOnly: true schedule: $ref: '#/components/schemas/Schedule' recipients: description: A list of identities that should receive the scheduled search report via email. type: array items: type: object properties: type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY id: type: string description: The ID of the referenced object example: 2c9180867624cbd7017642d8c8c81f67 required: - type - id enabled: description: | Indicates if the scheduled search is enabled. type: boolean default: false example: false emailEmptyResults: description: | Indicates if email generation should occur when search returns no results. type: boolean default: false example: false displayQueryDetails: description: | Indicates if the generated email should include the query and search results preview (which could include PII). type: boolean default: false example: false required: - savedSearchId - schedule - recipients QueryType: description: |- The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. Additional values may be added in the future without notice. type: string enum: - DSL - SAILPOINT - TEXT - TYPEAHEAD default: SAILPOINT example: SAILPOINT ElasticVersion: description: The current Elasticserver version. type: string default: '5.2' example: '5.2' InnerHit: type: object description: Inner Hit query object that will cause the specified nested type to be returned as the result matching the supplied query. required: - query - type properties: query: description: The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries. type: string example: source.name:\"Active Directory\" type: description: The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps. type: string example: access Query: type: object description: Query parameters used to construct an Elasticsearch query object. properties: query: description: The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries. type: string example: name:a* fields: description: |- The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields. A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields. type: string example: - firstName,lastName,email timeZone: description: The time zone to be applied to any range query related to dates. type: string example: America/Chicago innerHit: description: The innerHit query object returns a flattened list of results for the specified nested type. $ref: '#/components/schemas/InnerHit' TextQuery: type: object description: Query parameters used to construct an Elasticsearch text query object. required: - terms - fields properties: terms: description: Words or characters that specify a particular thing to be searched for. type: array items: type: string example: - The quick brown fox - '3141592' - '7' fields: description: The fields to be searched. type: array items: type: string example: - displayName - employeeNumber - roleCount matchAny: description: Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found. type: boolean default: false example: false contains: description: Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms. type: boolean default: false example: true TypeAheadQuery: type: object description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' required: - query - field properties: query: description: The type ahead query string used to construct a phrase prefix match query. type: string example: Work field: description: The field on which to perform the type ahead search. type: string example: source.name nestedType: description: The nested type. type: string example: access maxExpansions: description: |- The number of suffixes the last term will be expanded into. Influences the performance of the query and the number results returned. Valid values: 1 to 1000. type: integer format: int32 minimum: 1 maximum: 1000 default: 10 example: 10 size: description: The max amount of records the search will return. type: integer format: int32 minimum: 1 default: 100 example: 100 sort: description: The sort order of the returned records. type: string default: desc example: asc sortByValue: description: The flag that defines the sort type, by count or value. type: boolean default: false example: true QueryResultFilter: type: object description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. properties: includes: description: The list of field names to include in the result documents. type: array items: type: string example: - name - displayName excludes: description: The list of field names to exclude from the result documents. type: array items: type: string example: - stacktrace AggregationType: description: | Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. Additional values may be added in the future without notice. type: string enum: - DSL - SAILPOINT default: DSL example: DSL NestedAggregation: type: object description: The nested aggregation object. required: - name - type properties: name: description: The name of the nested aggregate to be included in the result. type: string example: id type: description: The type of the nested object. type: string example: access MetricType: description: |- Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice. type: string enum: - COUNT - UNIQUE_COUNT - AVG - SUM - MEDIAN - MIN - MAX default: UNIQUE_COUNT example: COUNT MetricAggregation: type: object description: The calculation done on the results of the query required: - name - field properties: name: description: |- The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. type: string example: Access Name Count type: $ref: '#/components/schemas/MetricType' field: description: | The field the calculation is performed on. Prefix the field name with '@' to reference a nested object. type: string example: '@access.name' SearchFilterType: description: |- Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice. type: string enum: - TERM default: TERM example: TERM FilterAggregation: type: object description: An additional filter to constrain the results of the search query. required: - name - field - value properties: name: description: The name of the filter aggregate to be included in the result. type: string example: Entitlements type: $ref: '#/components/schemas/SearchFilterType' field: description: | The search field to apply the filter to. Prefix the field name with '@' to reference a nested object. type: string example: access.type value: description: The value to filter on. type: string example: ENTITLEMENT BucketType: description: |- Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice. type: string enum: - TERMS default: TERMS example: TERMS BucketAggregation: type: object description: The bucket to group the results of the aggregation query by. required: - name - field properties: name: description: The name of the bucket aggregate to be included in the result. type: string example: Identity Locations type: $ref: '#/components/schemas/BucketType' field: description: |- The field to bucket on. Prefix the field name with '@' to reference a nested object. type: string example: attributes.city size: description: Maximum number of buckets to include. type: integer format: int32 example: 100 minDocCount: description: Minimum number of documents a bucket should have. type: integer format: int32 example: 2 Aggregations: type: object properties: nested: $ref: '#/components/schemas/NestedAggregation' metric: $ref: '#/components/schemas/MetricAggregation' filter: $ref: '#/components/schemas/FilterAggregation' bucket: $ref: '#/components/schemas/BucketAggregation' SubSearchAggregationSpecification: allOf: - $ref: '#/components/schemas/Aggregations' - type: object properties: subAggregation: description: Aggregation to be performed on the result of the parent bucket aggregation. $ref: '#/components/schemas/Aggregations' SearchAggregationSpecification: allOf: - $ref: '#/components/schemas/Aggregations' - type: object properties: subAggregation: description: Aggregation to be performed on the result of the parent bucket aggregation. $ref: '#/components/schemas/SubSearchAggregationSpecification' Search: type: object properties: indices: description: The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched. externalDocs: description: Learn more about search indices here. url: https://documentation.sailpoint.com/saas/help/search/searchable-fields.html type: array items: $ref: '#/components/schemas/Index' example: - identities queryType: $ref: '#/components/schemas/QueryType' queryVersion: allOf: - $ref: '#/components/schemas/ElasticVersion' - type: string description: |- The version of the query object. This version number will map to the version of Elasticsearch for the query strings and objects being used. query: $ref: '#/components/schemas/Query' queryDsl: description: The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax. type: object example: match: name: john.doe textQuery: $ref: '#/components/schemas/TextQuery' typeAheadQuery: $ref: '#/components/schemas/TypeAheadQuery' includeNested: description: Indicates whether nested objects from returned search results should be included. type: boolean default: true example: true queryResultFilter: $ref: '#/components/schemas/QueryResultFilter' aggregationType: $ref: '#/components/schemas/AggregationType' aggregationsVersion: allOf: - $ref: '#/components/schemas/ElasticVersion' - type: string description: |- The version of the language being used for aggregation queries. This version number will map to the version of Elasticsearch for the aggregation query object. aggregationsDsl: description: The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax. type: object example: {} aggregations: description: | The aggregation’s specifications, such as the groupings and calculations to be performed. $ref: '#/components/schemas/SearchAggregationSpecification' sort: description: The fields to be used to sort the search results. Use + or - to specify the sort direction. type: array items: type: string example: - displayName - +id searchAfter: description: |- Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] type: array items: type: string example: - John Doe - 2c91808375d8e80a0175e1f88a575221 filters: description: The filters to be applied for each filtered field name. type: object additionalProperties: $ref: '#/components/schemas/Filter' example: {} BaseAccess: type: object properties: description: type: string description: Access item's description. example: Admin access created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. nullable: true format: date-time example: '2018-06-25T20:22:33.104Z' enabled: type: boolean description: Indicates whether the access item is currently enabled. default: false example: true requestable: type: boolean description: Indicates whether the access item can be requested. default: true example: true requestCommentsRequired: type: boolean description: Indicates whether comments are required for requests to access the item. default: false example: false owner: type: object description: Owner's identity. properties: type: type: string description: Owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's display name. example: Support email: type: string description: Owner's email. example: cloud-support@sailpoint.com BaseEntitlement: type: object properties: hasPermissions: type: boolean description: Indicates whether the entitlement has permissions. default: false example: false description: type: string description: Entitlement's description. nullable: true example: Cloud engineering attribute: type: string description: Entitlement attribute's name. example: memberOf value: type: string description: Entitlement's value. example: CN=Cloud Engineering,DC=sailpoint,DC=COM schema: type: string description: Entitlement's schema. example: group privileged: type: boolean description: Indicates whether the entitlement is privileged. default: false example: false id: type: string description: Entitlement's ID. example: 2c918084575812550157589064f33b89 name: type: string description: Entitlement's name. example: CN=Cloud Engineering,DC=sailpoint,DC=COM BaseSegment: type: object properties: id: type: string example: b009b6e3-b56d-41d9-8735-cb532ea0b017 description: Segment's unique ID. name: type: string example: Test Segment description: Segment's display name. Tags: type: array description: Tags that have been applied to the object. items: type: string example: - TAG_1 - TAG_2 AccessApps: type: object properties: id: type: string example: 2c91808568c529c60168cca6f90c1313 description: The unique ID of the referenced object. name: type: string description: Name of application example: Travel and Expense description: description: Description of application. type: string example: Travel and Expense Application owner: type: object description: Owner's identity. properties: type: type: string description: Owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's display name. example: John Doe email: type: string description: Owner's email. example: john.doe@sailpoint.com DocumentType: description: |- Enum representing the currently supported document types. Additional values may be added in the future without notice. type: string enum: - accessprofile - accountactivity - entitlement - event - identity - role example: identity DocumentFields: type: object properties: pod: type: string example: pod01-useast1 description: Name of the pod. org: type: string example: org-name description: Name of the tenant. _type: $ref: '#/components/schemas/DocumentType' type: $ref: '#/components/schemas/DocumentType' _version: type: string example: v2 description: Version number. AccessProfileDocuments: type: object allOf: - $ref: '#/components/schemas/AccessProfileDocument' - $ref: '#/components/schemas/DocumentFields' Reference: type: object properties: id: type: string example: 2c91808568c529c60168cca6f90c1313 description: The unique ID of the referenced object. name: type: string example: John Doe description: The human readable name of the referenced object. ActivityIdentity: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: type: type: string example: Identity description: Type of object ApprovalComment: type: object properties: comment: type: string description: The comment text example: This request was autoapproved by our automated ETS subscriber. commenter: type: string description: The name of the commenter example: Automated AR Approval date: $ref: '#/components/schemas/DateTime' AttributeRequest: type: object properties: name: type: string description: Attribute name. example: groups op: type: string description: Operation to perform on attribute. example: Add value: oneOf: - type: string example: '3203537556531076' - type: array items: type: string example: - '3203537556531076' - '1263537556831096' description: Value of attribute. AccountSource: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: type: type: string example: Delimited File description: Type of source returned. Approval: type: object properties: comments: type: array items: $ref: '#/components/schemas/ApprovalComment' modified: $ref: '#/components/schemas/DateTime' owner: $ref: '#/components/schemas/ActivityIdentity' result: type: string description: The result of the approval example: Finished attributeRequest: $ref: '#/components/schemas/AttributeRequest' source: $ref: '#/components/schemas/AccountSource' Result: type: object properties: status: type: string description: Request result status example: Manual Task Created OriginalRequest: type: object properties: accountId: type: string description: Account ID. example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com result: $ref: '#/components/schemas/Result' attributeRequests: type: array description: Attribute changes requested for account. items: $ref: '#/components/schemas/AttributeRequest' op: type: string description: Operation used. example: add source: description: Account's source. $ref: '#/components/schemas/AccountSource' ExpansionItem: type: object properties: accountId: type: string description: The ID of the account example: 2c91808981f58ea601821c3e93482e6f cause: type: string example: Role description: Cause of the expansion item. name: type: string description: The name of the item example: smartsheet-role attributeRequest: $ref: '#/components/schemas/AttributeRequest' source: $ref: '#/components/schemas/AccountSource' id: type: string description: ID of the expansion item example: ac2887ffe0e7435a8c18c73f7ae94c7b state: type: string description: State of the expansion item example: EXECUTING AccountRequest: type: object properties: accountId: type: string description: Unique ID of the account example: John.Doe attributeRequests: type: array items: $ref: '#/components/schemas/AttributeRequest' op: type: string example: Modify description: The operation that was performed provisioningTarget: $ref: '#/components/schemas/AccountSource' result: type: object properties: errors: type: array items: type: string example: |- [ConnectorError] [ { "code": "unrecognized_keys", "keys": [ "groups" ], "path": [], "message": "Unrecognized key(s) in object: 'groups'" } ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) description: Error message. status: type: string description: The status of the account request example: failed ticketId: type: string nullable: true example: null description: ID of associated ticket. source: $ref: '#/components/schemas/AccountSource' AccountActivityDocument: description: AccountActivity type: object properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of account activity. action: type: string description: Type of action performed in the activity. externalDocs: description: Learn more about account activity action types url: https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data example: Identity Refresh. created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. example: '2018-06-25T20:22:28.104Z' stage: type: string description: Activity's current stage. example: Completed status: type: string description: Activity's current status. example: Complete requester: $ref: '#/components/schemas/ActivityIdentity' recipient: $ref: '#/components/schemas/ActivityIdentity' trackingNumber: type: string description: Account activity's tracking number. example: 61aad0c9e8134eca89e76a35e0cabe3f errors: type: array description: Errors provided by the source while completing account actions. items: type: string nullable: true example: null warnings: type: array description: Warnings provided by the source while completing account actions. items: type: string nullable: true example: null approvals: type: array description: Approvals performed on an item during activity. items: $ref: '#/components/schemas/Approval' originalRequests: type: array description: Original actions that triggered all individual source actions related to the account action. items: $ref: '#/components/schemas/OriginalRequest' expansionItems: type: array description: Controls that translated the attribute requests into actual provisioning actions on the source. items: $ref: '#/components/schemas/ExpansionItem' accountRequests: type: array description: Account data for each individual source action triggered by the original requests. items: $ref: '#/components/schemas/AccountRequest' sources: type: string description: Sources involved in the account activity. example: smartsheet-test, airtable-v4, IdentityNow AccountActivityDocuments: type: object allOf: - $ref: '#/components/schemas/AccountActivityDocument' - $ref: '#/components/schemas/DocumentFields' BaseDocument: type: object required: - id - name properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of the referenced object. name: type: string example: john.doe description: The human readable name of the referenced object. EntitlementDocuments: type: object allOf: - $ref: '#/components/schemas/EntitlementDocument' - $ref: '#/components/schemas/DocumentFields' EventDocument: type: object description: Event properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of the entitlement. name: type: string example: Add Entitlement Passed description: Name of the entitlement. created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. example: '2018-06-25T20:22:28.104Z' action: type: string description: Name of the event as it's displayed in audit reports. example: AddEntitlement type: type: string description: Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings. example: ACCESS_ITEM actor: type: object properties: name: type: string description: Name of the actor that generated the event. example: System target: type: object properties: name: type: string description: Name of the target, or recipient, of the event. example: Carol.Adams stack: type: string description: The event's stack. example: tpe trackingNumber: type: string description: ID of the group of events. example: 63f891e0735f4cc8bf1968144a1e7440 ipAddress: type: string description: Target system's IP address. example: 52.52.97.85 details: type: string description: ID of event's details. example: 73b65dfbed1842548c207432a18c84b0 attributes: type: object description: Attributes involved in the event. additionalProperties: true example: pod: stg03-useast1 org: acme sourceName: SailPoint objects: type: array description: Objects the event is happening to. items: type: string example: AUTHENTICATION operation: type: string description: Operation, or action, performed during the event. example: ADD status: type: string description: Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings. example: PASSED technicalName: type: string description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'. example: ENTITLEMENT_ADD_PASSED EventDocuments: type: object allOf: - $ref: '#/components/schemas/EventDocument' - properties: pod: type: string example: pod01-useast1 org: type: string example: org-name _type: $ref: '#/components/schemas/DocumentType' _version: type: string example: v2 DisplayReference: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: displayName: type: string example: John Q. Doe ProcessingDetails: type: object properties: date: $ref: '#/components/schemas/DateTime' stage: type: string example: In Process retryCount: type: integer example: 0 format: int32 stackTrace: type: string example: message: type: string example: BaseAccount: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: accountId: type: string description: Account ID. example: John.Doe source: $ref: '#/components/schemas/AccountSource' disabled: type: boolean description: Indicates whether the account is disabled. default: false example: false locked: type: boolean description: Indicates whether the account is locked. default: false example: false privileged: type: boolean description: Indicates whether the account is privileged. default: false example: false manuallyCorrelated: type: boolean description: Indicates whether the account has been manually correlated to an identity. default: false example: false passwordLastSet: $ref: '#/components/schemas/DateTime' entitlementAttributes: type: object nullable: true description: Map or dictionary of key/value pairs. additionalProperties: true example: moderator: true admin: true trust_level: '4' created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' supportsPasswordChange: type: boolean description: Indicates whether the account supports password change. default: false example: false accountAttributes: type: object nullable: true description: Map or dictionary of key/value pairs. additionalProperties: true example: type: global admin: true trust_level: '4' App: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: source: $ref: '#/components/schemas/Reference' account: type: object properties: id: type: string description: The SailPoint generated unique ID example: 2c9180837dfe6949017e21f3d8cd6d49 accountId: type: string description: The account ID generated by the source example: CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com Access: allOf: - $ref: '#/components/schemas/DisplayReference' - type: object properties: description: description: Description of access item. type: string nullable: true example: null AccessProfileEntitlement: description: EntitlementReference allOf: - $ref: '#/components/schemas/Access' - type: object properties: source: $ref: '#/components/schemas/Reference' type: type: string description: Type of the access item. example: ENTITLEMENT privileged: type: boolean example: false attribute: type: string example: memberOf value: type: string example: CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: type: boolean example: false AccessProfileRole: description: Role allOf: - $ref: '#/components/schemas/Access' - type: object properties: type: type: string description: Type of the access item. example: ROLE owner: $ref: '#/components/schemas/DisplayReference' disabled: type: boolean revocable: type: boolean IdentityAccess: discriminator: propertyName: type mapping: ACCESS_PROFILE: '#/components/schemas/AccessProfileSummary' ENTITLEMENT: '#/components/schemas/AccessProfileEntitlement' ROLE: '#/components/schemas/AccessProfileRole' oneOf: - $ref: '#/components/schemas/AccessProfileSummary' - $ref: '#/components/schemas/AccessProfileEntitlement' - $ref: '#/components/schemas/AccessProfileRole' Owns: type: object properties: sources: type: array items: $ref: '#/components/schemas/Reference' entitlements: type: array items: $ref: '#/components/schemas/Reference' accessProfiles: type: array items: $ref: '#/components/schemas/Reference' roles: type: array items: $ref: '#/components/schemas/Reference' apps: type: array items: $ref: '#/components/schemas/Reference' governanceGroups: type: array items: $ref: '#/components/schemas/Reference' fallbackApprover: type: boolean example: false IdentityDocuments: type: object allOf: - $ref: '#/components/schemas/IdentityDocument' - $ref: '#/components/schemas/DocumentFields' BaseAccessProfile: type: object properties: id: type: string example: 2c91809c6faade77016fb4f0b63407ae description: Access profile's unique ID. name: type: string example: Admin Access description: Access profile's display name. RoleDocuments: type: object allOf: - $ref: '#/components/schemas/RoleDocument' - $ref: '#/components/schemas/DocumentFields' SearchDocuments: type: object oneOf: - $ref: '#/components/schemas/AccessProfileDocuments' - $ref: '#/components/schemas/AccountActivityDocuments' - $ref: '#/components/schemas/EntitlementDocuments' - $ref: '#/components/schemas/EventDocuments' - $ref: '#/components/schemas/IdentityDocuments' - $ref: '#/components/schemas/RoleDocuments' AggregationResult: type: object properties: aggregations: type: object description: | The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run. See Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information. example: Identity Locations: buckets: - key: Austin doc_count: 109 - key: London doc_count: 64 - key: San Jose doc_count: 27 - key: Brussels doc_count: 26 - key: Sao Paulo doc_count: 24 - key: Munich doc_count: 23 - key: Singapore doc_count: 22 - key: Tokyo doc_count: 20 - key: Taipei doc_count: 16 hits: description: | The results of the aggregation search query. type: array items: $ref: '#/components/schemas/SearchDocuments' AggregationResult-csv: description: | If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*, the aggregation result will be returned as a CSV document. type: string example: - Identity Locations,Count - Munich,23 - Brussels,26 - Singapore,22 - Tokyo,20 - Taipei,16 - London,64 - Austin,109 - Sao Paulo,24 - San Jose,27 OwnerReferenceSegments: type: object nullable: true description: The owner of this object. properties: type: type: string enum: - IDENTITY description: Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result. example: IDENTITY id: type: string description: Identity id example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. example: support Value: type: object title: Value nullable: true properties: type: type: string description: The type of attribute value example: STRING value: type: string description: The attribute value example: Austin Expression: type: object title: Expression properties: operator: type: string description: Operator for the expression enum: - AND - EQUALS example: EQUALS attribute: type: string description: Name for the attribute example: location nullable: true value: $ref: '#/components/schemas/Value' children: type: array nullable: true description: List of expressions items: type: object properties: operator: type: string description: Operator for the expression enum: - AND - EQUALS example: EQUALS attribute: type: string description: Name for the attribute example: location nullable: true value: $ref: '#/components/schemas/Value' children: type: string nullable: true description: There cannot be anymore nested children. This will always be null. example: null example: [] VisibilityCriteria: type: object title: Visibility Criteria properties: expression: $ref: '#/components/schemas/Expression' Segment: type: object title: Segment properties: id: type: string description: The segment's ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: type: string description: The segment's business name. example: segment-xyz created: type: string format: date-time description: The time when the segment is created. example: '2020-01-01T00:00:00.000000Z' modified: type: string format: date-time description: The time when the segment is modified. example: '2020-01-01T00:00:00.000000Z' description: type: string description: The segment's optional description. example: This segment represents xyz owner: $ref: '#/components/schemas/OwnerReferenceSegments' visibilityCriteria: allOf: - $ref: '#/components/schemas/VisibilityCriteria' - nullable: true active: type: boolean description: This boolean indicates whether the segment is currently active. Inactive segments have no effect. default: false example: true SourceClusterDto: type: object title: Source Cluster Dto description: Source cluster. properties: type: type: string description: Source cluster DTO type. enum: - CLUSTER example: CLUSTER id: type: string description: Source cluster ID. example: 2c9180847a7fccdd017aa5896f9f4f6f name: type: string description: Source cluster display name. example: Training VA ServiceDeskSource: type: object title: Service Desk Source description: Source for Service Desk integration template. properties: type: type: string description: DTO type of source for service desk integration template. enum: - SOURCE example: SOURCE id: type: string description: ID of source for service desk integration template. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable name of source for service desk integration template. example: HR Active Directory BeforeProvisioningRuleDto: type: object title: Before Provisioning Rule Dto description: Before Provisioning Rule. properties: type: type: string description: Before Provisioning Rule DTO type. enum: - RULE example: RULE id: type: string description: Before Provisioning Rule ID. example: 048eb3d55c5a4758bd07dccb87741c78 name: type: string description: Rule display name. example: Before Provisioning Airtable Rule PasswordInfoQueryDTO: type: object title: Password Info Query DTO properties: userName: type: string description: The login name of the user example: Abby.Smith sourceName: type: string description: The display name of the source example: My-AD PasswordInfoAccount: type: object title: Password Info Account properties: accountId: type: string description: Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350 example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com accountName: type: string description: Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008 example: Abby.Smith PasswordInfo: type: object title: Password Info properties: identityId: type: string description: Identity ID example: 2c918085744fec4301746f9a5bce4605 sourceId: type: string description: source ID example: 2c918083746f642c01746f990884012a publicKeyId: type: string description: public key ID example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh publicKey: type: string description: User's public key with Base64 encoding example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB accounts: type: array description: Account info related to queried identity and source items: $ref: '#/components/schemas/PasswordInfoAccount' policies: type: array description: Password constraints items: type: string example: - passwordRepeatedChar is 3 - passwordMinAlpha is 1 - passwordMinLength is 5 - passwordMinNumeric is 1 PasswordChangeRequest: type: object title: Password Change Request properties: identityId: type: string description: The identity ID that requested the password change example: 8a807d4c73c545510173c545f0a002ff encryptedPassword: type: string description: The RSA encrypted password example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A== publicKeyId: type: string description: The encryption key ID example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2 accountId: type: string description: Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350 example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com sourceId: type: string description: The ID of the source for which identity is requesting the password change example: 8a807d4c73c545510173c545d4b60246 PasswordChangeResponse: type: object title: Password Change Response properties: requestId: type: string nullable: true description: The password change request ID example: 089899f13a8f4da7824996191587bab9 state: type: string enum: - IN_PROGRESS - FINISHED - FAILED description: Password change state example: IN_PROGRESS PasswordStatus: type: object title: Password Status properties: requestId: type: string nullable: true description: The password change request ID example: 089899f13a8f4da7824996191587bab9 state: type: string enum: - IN_PROGRESS - FINISHED - FAILED description: Password change state example: IN_PROGRESS errors: type: array items: type: string description: The errors during the password change request example: - The password change payload is invalid sourceIds: type: array items: type: string description: List of source IDs in the password change request example: - 2c918083746f642c01746f990884012a PasswordOrgConfig: type: object title: Password Org Config properties: customInstructionsEnabled: type: boolean description: Indicator whether custom password instructions feature is enabled. The default value is false. default: false example: true digitTokenEnabled: type: boolean description: Indicator whether "digit token" feature is enabled. The default value is false. default: false example: true digitTokenDurationMinutes: type: integer format: int32 description: The duration of "digit token" in minutes. The default value is 5. minimum: 1 maximum: 60 default: 5 example: 10 digitTokenLength: type: integer format: int32 description: The length of "digit token". The default value is 6. minimum: 6 maximum: 18 default: 6 example: 9 ReportResults: type: object description: Details about report result or current state. properties: reportType: type: string enum: - ACCOUNTS - IDENTITIES_DETAILS - IDENTITIES - IDENTITY_PROFILE_IDENTITY_ERROR - ORPHAN_IDENTITIES - SEARCH_EXPORT - UNCORRELATED_ACCOUNTS description: Use this property to define what report should be processed in the RDE service. example: IDENTITIES_DETAILS taskDefName: type: string description: Name of the task definition which is started to process requesting report. Usually the same as report name example: Identities Details Report id: type: string description: Unique task definition identifier. example: a248c16fe22222b2bd49615481311111 created: type: string description: Report processing start date format: date-time example: '2020-09-07T42:14:00.364Z' status: type: string enum: - SUCCESS - FAILURE - WARNING - TERMINATED description: Report current state or result status. example: SUCCESS duration: type: integer format: int64 description: Report processing time in ms. example: 342 rows: type: integer format: int64 description: Report size in rows. example: 37 availableFormats: type: array items: type: string enum: - CSV - PDF description: Output report file formats. This are formats for calling get endpoint as a query parameter 'fileFormat'. In case report won't have this argument there will be ['CSV', 'PDF'] as default. example: - CSV accounts-export-report-arguments: title: ACCOUNTS type: object description: Arguments for Account Export report (ACCOUNTS) required: - application - sourceName properties: application: type: string description: Source ID. example: 2c9180897eSourceIde781782f705b9 sourceName: type: string description: Source name. example: Active Directory identities-details-report-arguments: title: IDENTITIES_DETAILS type: object description: Arguments for Identities Details report (IDENTITIES_DETAILS) required: - correlatedOnly properties: correlatedOnly: type: boolean description: Flag to specify if only correlated identities are included in report. default: false example: true identities-report-arguments: title: IDENTITIES type: object description: Arguments for Identities report (IDENTITIES) properties: correlatedOnly: type: boolean description: Flag to specify if only correlated identities are included in report. default: false example: true identity-profile-identity-error-report-arguments: title: IDENTITY_PROFILE_IDENTITY_ERROR type: object description: Arguments for Identity Profile Identity Error report (IDENTITY_PROFILE_IDENTITY_ERROR) required: - authoritativeSource properties: authoritativeSource: type: string description: Source ID. example: 1234sourceId5678902 orphan-identities-report-arguments: title: ORPHAN_IDENTITIES type: object description: Arguments for Orphan Identities report (ORPHAN_IDENTITIES) properties: selectedFormats: type: array items: type: string enum: - CSV - PDF description: Output report file formats. These are formats for calling GET endpoint as query parameter 'fileFormat'. In case report won't have this argument there will be ['CSV', 'PDF'] as default. example: - CSV search-export-report-arguments: title: SEARCH_EXPORT type: object description: | Arguments for Search Export report (SEARCH_EXPORT) The report file generated will be a zip file containing csv files of the search results. required: - query properties: indices: description: The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched. externalDocs: description: Learn more about search indices here. url: https://documentation.sailpoint.com/saas/help/search/searchable-fields.html type: array items: $ref: '#/components/schemas/Index' example: - entitlements query: description: The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries. type: string example: name:a* columns: description: | Comma separated string consisting of technical attribute names of fields to include in report. Use `access.spread`, `apps.spread`, `accounts.spread` to include respective identity access details. Use `accessProfiles.spread` to unclude access profile details. Use `entitlements.spread` to include entitlement details. type: string example: displayName,firstName,lastName,email,created,attributes.cloudLifecycleState sort: description: The fields to be used to sort the search results. Use + or - to specify the sort direction. type: array items: type: string example: - displayName - +id uncorrelated-accounts-report-arguments: title: UNCORRELATED_ACCOUNTS type: object description: Arguments for Uncorrelated Accounts report (UNCORRELATED_ACCOUNTS) properties: selectedFormats: type: array items: type: string enum: - CSV - PDF description: Output report file formats. These are formats for calling GET endpoint as query parameter 'fileFormat'. In case report won't have this argument there will be ['CSV', 'PDF'] as default. example: - CSV ReportDetails: type: object description: Details about report to be processed. properties: reportType: type: string enum: - ACCOUNTS - IDENTITIES_DETAILS - IDENTITIES - IDENTITY_PROFILE_IDENTITY_ERROR - ORPHAN_IDENTITIES - SEARCH_EXPORT - UNCORRELATED_ACCOUNTS description: Use this property to define what report should be processed in the RDE service. example: ACCOUNTS arguments: anyOf: - $ref: '#/components/schemas/accounts-export-report-arguments' - $ref: '#/components/schemas/identities-details-report-arguments' - $ref: '#/components/schemas/identities-report-arguments' - $ref: '#/components/schemas/identity-profile-identity-error-report-arguments' - $ref: '#/components/schemas/orphan-identities-report-arguments' - $ref: '#/components/schemas/search-export-report-arguments' - $ref: '#/components/schemas/uncorrelated-accounts-report-arguments' example: application: 2c9180897e7742b2017e781782f705b9 sourceName: Active Directory description: The string-object map(dictionary) with the arguments needed for report processing. TaskResultDetails: type: object description: Details about job or task type, state and lifecycle. properties: type: type: string enum: - QUARTZ - QPOC - MENTOS - QUEUED_TASK description: Type of the job or task underlying in the report processing. It could be a quartz task, QPOC or MENTOS jobs or a refresh/sync task. example: MENTOS id: type: string description: Unique task definition identifier. example: a248c16fe22222b2bd49615481311111 reportType: type: string enum: - ACCOUNTS - IDENTITIES_DETAILS - IDENTITIES - IDENTITY_PROFILE_IDENTITY_ERROR - ORPHAN_IDENTITIES - SEARCH_EXPORT - UNCORRELATED_ACCOUNTS description: Use this property to define what report should be processed in the RDE service. example: IDENTITIES_DETAILS description: type: string description: Description of the report purpose and/or contents. example: A detailed view of the identities in the system. parentName: type: string nullable: true description: Name of the parent task/report if exists. example: Audit Report launcher: type: string description: Name of the report processing initiator. example: cloudadmin created: type: string description: Report creation date format: date-time example: '2020-09-07T42:14:00.364Z' launched: type: string nullable: true format: date-time description: Report start date example: '2020-09-07T42:14:00.521Z' completed: type: string nullable: true format: date-time description: Report completion date example: '2020-09-07T42:14:01.137Z' completionStatus: type: string nullable: true enum: - SUCCESS - WARNING - ERROR - TERMINATED - TEMP_ERROR description: Report completion status. example: Success messages: type: array description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors. example: [] items: type: object properties: type: type: string description: Type of the message. enum: - INFO - WARN - ERROR example: WARN error: type: boolean default: false description: Flag whether message is an error. example: false warning: type: boolean default: false description: Flag whether message is a warning. example: true key: type: string description: Message string identifier. example: 'The following account(s) failed to correlate: A,B,C' localizedText: type: string description: Message context with the locale based language. example: 'The following account(s) failed to correlate: A,B,C' returns: type: array description: Task definition results, if necessary. example: [] items: type: object properties: displayLabel: type: string description: Attribute description. example: ' ' attributeName: type: string description: System or database attribute name. example: ' ' attributes: type: object description: Extra attributes map(dictionary) needed for the report. example: org: an-org progress: type: string nullable: true description: Current report state. example: Initializing... ViolationOwnerAssignmentConfig: type: object title: Violation Owner Assignment Config properties: assignmentRule: type: string enum: - MANAGER - STATIC - null description: |- Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity example: MANAGER nullable: true ownerRef: type: object description: The owner of the violation assignment config. nullable: true properties: type: type: string description: Owner type. enum: - IDENTITY - GOVERNANCE_GROUP - MANAGER - null example: IDENTITY id: type: string description: Owner's ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. example: Support SodPolicy: type: object title: Sod Policy properties: id: type: string description: Policy id example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde readOnly: true name: type: string description: Policy Business Name example: policy-xyz created: type: string format: date-time description: The time when this SOD policy is created. example: '2020-01-01T00:00:00.000000Z' readOnly: true modified: type: string format: date-time description: The time when this SOD policy is modified. example: '2020-01-01T00:00:00.000000Z' readOnly: true description: type: string description: Optional description of the SOD policy example: This policy ensures compliance of xyz nullable: true ownerRef: type: object description: The owner of the SOD policy. properties: type: type: string description: Owner type. enum: - IDENTITY - GOVERNANCE_GROUP example: IDENTITY id: type: string description: Owner's ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. example: Support externalPolicyReference: type: string description: Optional External Policy Reference example: XYZ policy nullable: true policyQuery: type: string description: Search query of the SOD policy example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' compensatingControls: type: string description: Optional compensating controls(Mitigating Controls) example: Have a manager review the transaction decisions for their "out of compliance" employee nullable: true correctionAdvice: type: string description: Optional correction advice example: Based on the role of the employee, managers should remove access that is not required for their job function. nullable: true state: type: string description: whether the policy is enforced or not enum: - ENFORCED - NOT_ENFORCED example: ENFORCED tags: type: array description: tags for this policy object example: - TAG1 - TAG2 items: type: string creatorId: type: string description: Policy's creator ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde readOnly: true modifierId: type: string description: Policy's modifier ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde nullable: true readOnly: true violationOwnerAssignmentConfig: $ref: '#/components/schemas/ViolationOwnerAssignmentConfig' nullable: true scheduled: type: boolean description: defines whether a policy has been scheduled or not example: true default: false type: type: string description: whether a policy is query based or conflicting access based default: GENERAL enum: - GENERAL - CONFLICTING_ACCESS_BASED example: GENERAL AccessCriteria: type: object title: Access Criteria properties: name: type: string description: Business name for the access construct list example: money-in criteriaList: type: array description: List of criteria. There is a min of 1 and max of 50 items in the list. minItems: 1 maxItems: 50 items: type: object properties: type: type: string enum: - ENTITLEMENT description: Type of the property to which this reference applies to example: ENTITLEMENT id: type: string description: ID of the object to which this reference applies to example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies to example: Administrator example: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 name: Administrator - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 name: Administrator ConflictingAccessCriteria: type: object title: Conflicting Access Criteria properties: leftCriteria: $ref: '#/components/schemas/AccessCriteria' rightCriteria: $ref: '#/components/schemas/AccessCriteria' SodPolicyRead: allOf: - $ref: '#/components/schemas/SodPolicy' - type: object properties: conflictingAccessCriteria: allOf: - $ref: '#/components/schemas/ConflictingAccessCriteria' - nullable: true AccessCriteriaRequest: type: object title: Access Criteria Request properties: name: type: string description: Business name for the access construct list example: money-in criteriaList: type: array description: List of criteria. There is a min of 1 and max of 50 items in the list. minItems: 1 maxItems: 50 items: type: object properties: type: type: string enum: - ENTITLEMENT description: Type of the property to which this reference applies to example: ENTITLEMENT id: type: string description: ID of the object to which this reference applies to example: 2c91808568c529c60168cca6f90c1313 example: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 name: Administrator - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 name: Administrator ConflictingAccessCriteriaRequest: type: object title: Conflicting Access Criteria Request properties: leftCriteria: $ref: '#/components/schemas/AccessCriteriaRequest' rightCriteria: $ref: '#/components/schemas/AccessCriteriaRequest' SodPolicyRequest: allOf: - $ref: '#/components/schemas/SodPolicy' - type: object properties: conflictingAccessCriteria: allOf: - $ref: '#/components/schemas/ConflictingAccessCriteriaRequest' - nullable: true SodRecipient: type: object title: Sod Recipient description: SOD policy recipient. properties: type: type: string description: SOD policy recipient DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: SOD policy recipient's identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: SOD policy recipient's display name. example: Michael Michaels SodPolicySchedule: type: object title: Sod Policy Schedule properties: name: type: string description: SOD Policy schedule name example: SCH-1584312283015 created: type: string format: date-time description: The time when this SOD policy schedule is created. example: '2020-01-01T00:00:00.000000Z' readOnly: true modified: type: string format: date-time description: The time when this SOD policy schedule is modified. example: '2020-01-01T00:00:00.000000Z' readOnly: true description: type: string description: SOD Policy schedule description example: Schedule for policy xyz schedule: $ref: '#/components/schemas/Schedule' recipients: type: array items: $ref: '#/components/schemas/SodRecipient' emailEmptyResults: type: boolean description: Indicates if empty results need to be emailed example: false default: false creatorId: type: string description: Policy's creator ID example: 0f11f2a47c944bf3a2bd742580fe3bde readOnly: true modifierId: type: string description: Policy's modifier ID example: 0f11f2a47c944bf3a2bd742580fe3bde readOnly: true IdentityWithNewAccess: description: An identity with a set of access to be added required: - identityId - accessRefs type: object properties: identityId: description: Identity id to be checked. type: string example: 2c91808568c529c60168cca6f90c1313 accessRefs: description: The list of entitlements to consider for possible violations in a preventive check. type: array items: type: object description: Entitlement including a specific set of access. properties: type: type: string description: Entitlement's DTO type. enum: - ENTITLEMENT example: ENTITLEMENT nullable: false id: type: string description: Entitlement's ID. example: 2c91809773dee32014e13e122092014e nullable: false example: - type: ENTITLEMENT id: 2c918087682f9a86016839c050861ab1 - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 SodPolicyDto-2: type: object description: SOD policy. properties: type: type: string description: SOD policy DTO type. enum: - SOD_POLICY example: SOD_POLICY id: type: string description: SOD policy ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: type: string description: SOD policy display name. example: Business SOD Policy ExceptionCriteriaAccess: type: object properties: type: $ref: '#/components/schemas/DtoType' description: DTO type id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local existing: type: boolean description: Whether the subject identity already had that access or not default: false example: true description: Access reference with addition of boolean existing flag to indicate whether the access was extant ExceptionCriteria: type: object properties: criteriaList: type: array description: List of exception criteria. There is a min of 1 and max of 50 items in the list. items: allOf: - $ref: '#/components/schemas/ExceptionCriteriaAccess' description: The types of objects supported for SOD violations properties: type: enum: - ENTITLEMENT example: ENTITLEMENT description: The type of object that is referenced example: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 existing: true - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 existing: false ExceptionAccessCriteria: type: object properties: leftCriteria: $ref: '#/components/schemas/ExceptionCriteria' rightCriteria: $ref: '#/components/schemas/ExceptionCriteria' ViolationContext: type: object properties: policy: allOf: - $ref: '#/components/schemas/SodPolicyDto-2' - type: object properties: type: type: string example: SOD_POLICY name: type: string example: A very cool policy name description: The types of objects supported for SOD violations properties: type: enum: - ENTITLEMENT example: ENTITLEMENT description: The type of object that is referenced conflictingAccessCriteria: $ref: '#/components/schemas/ExceptionAccessCriteria' nullable: false description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. ViolationPrediction: description: An object containing a listing of the SOD violation reasons detected by this check. required: - requestId type: object properties: violationContexts: type: array description: List of Violation Contexts items: $ref: '#/components/schemas/ViolationContext' SodViolationCheck: description: An object referencing an SOD violation check required: - requestId type: object title: Sod Violation Check properties: requestId: description: The id of the original request example: 089899f13a8f4da7824996191587bab9 type: string created: type: string format: date-time readOnly: true description: The date-time when this request was created. example: '2020-01-01T00:00:00.000000Z' MultiPolicyRequest: type: object title: Multi Policy Request properties: filteredPolicyList: type: array description: Multi-policy report will be run for this list of ids items: type: string example: - b868cd40-ffa4-4337-9c07-1a51846cfa94 - 63a07a7b-39a4-48aa-956d-50c827deba2a ManagerCorrelationMapping: type: object title: Manager Correlation Mapping properties: accountAttributeName: type: string description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. example: manager identityAttributeName: type: string description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. example: manager SourceFeature: type: array items: type: string enum: - AUTHENTICATE - COMPOSITE - DIRECT_PERMISSIONS - DISCOVER_SCHEMA - ENABLE - MANAGER_LOOKUP - NO_RANDOM_ACCESS - PROXY - SEARCH - TEMPLATE - UNLOCK - UNSTRUCTURED_TARGETS - SHAREPOINT_TARGET - PROVISIONING - GROUP_PROVISIONING - SYNC_PROVISIONING - PASSWORD - CURRENT_PASSWORD - ACCOUNT_ONLY_REQUEST - ADDITIONAL_ACCOUNT_REQUEST - NO_AGGREGATION - GROUPS_HAVE_MEMBERS - NO_PERMISSIONS_PROVISIONING - NO_GROUP_PERMISSIONS_PROVISIONING - NO_UNSTRUCTURED_TARGETS_PROVISIONING - NO_DIRECT_PERMISSIONS_PROVISIONING - PREFER_UUID - ARM_SECURITY_EXTRACT - ARM_UTILIZATION_EXTRACT - ARM_CHANGELOG_EXTRACT - USES_UUID - APPLICATION_DISCOVERY - DELETE example: AUTHENTICATE description: |- Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors. * AUTHENTICATE: The source supports pass-through authentication. * COMPOSITE: The source supports composite source creation. * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. * ENABLE The source supports reading if an account is enabled or disabled. * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. * SEARCH * TEMPLATE * UNLOCK: The source supports reading if an account is locked or unlocked. * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. * SYNC_PROVISIONING: The source can provision accounts synchronously. * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. * CURRENT_PASSWORD: Some source types support verification of the current password * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. * NO_AGGREGATION: A source that does not support aggregation. * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. * USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure. * PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning. * ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM * ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM * ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM example: - PROVISIONING - NO_PERMISSIONS_PROVISIONING - GROUPS_HAVE_MEMBERS UsageType: type: string nullable: false enum: - CREATE - UPDATE - ENABLE - DISABLE - DELETE - ASSIGN - UNASSIGN - CREATE_GROUP - UPDATE_GROUP - DELETE_GROUP - REGISTER - CREATE_IDENTITY - UPDATE_IDENTITY - EDIT_GROUP - UNLOCK - CHANGE_PASSWORD example: CREATE description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. FieldDetailsDto: type: object title: Field Details Dto properties: name: type: string description: The name of the attribute. example: userName transform: type: object description: The transform to apply to the field example: type: rule attributes: name: Create Unique LDAP Attribute default: {} attributes: type: object description: Attributes required for the transform example: template: ${firstname}.${lastname}${uniqueCounter} cloudMaxUniqueChecks: '50' cloudMaxSize: '20' cloudRequired: 'true' isRequired: type: boolean readOnly: true description: Flag indicating whether or not the attribute is required. default: false example: false type: type: string description: | The type of the attribute. string: For text-based data. int: For whole numbers. long: For larger whole numbers. date: For date and time values. boolean: For true/false values. secret: For sensitive data like passwords, which will be masked and encrypted. enum: - string - int - long - date - boolean - secret example: string isMultiValued: type: boolean description: Flag indicating whether or not the attribute is multi-valued. default: false example: false ProvisioningPolicyDto: type: object title: Provisioning Policy Dto required: - name properties: name: nullable: true type: string description: the provisioning policy name example: example provisioning policy for inactive identities description: type: string description: the description of the provisioning policy example: this provisioning policy creates access based on an identity going inactive usageType: $ref: '#/components/schemas/UsageType' fields: type: array items: $ref: '#/components/schemas/FieldDetailsDto' AttributeDefinitionType: type: string enum: - STRING - LONG - INT - BOOLEAN - DATE description: The underlying type of the value which an AttributeDefinition represents. example: STRING AttributeDefinition: type: object title: Attribute Definition properties: name: type: string description: The name of the attribute. example: sAMAccountName nativeName: type: string nullable: true description: Attribute name in the native system. example: sAMAccountName type: $ref: '#/components/schemas/AttributeDefinitionType' description: The type of the attribute. example: STRING schema: description: A reference to the schema on the source to the attribute values map to. type: object properties: type: description: The type of object being referenced type: string enum: - CONNECTOR_SCHEMA example: CONNECTOR_SCHEMA id: type: string description: The object ID this reference applies to. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: The human-readable display name of the object. example: group description: type: string description: A human-readable description of the attribute. example: SAM Account Name isMulti: type: boolean description: Flag indicating whether or not the attribute is multi-valued. example: false default: false isEntitlement: type: boolean description: Flag indicating whether or not the attribute is an entitlement. example: false default: false isGroup: type: boolean description: | Flag indicating whether or not the attribute represents a group. This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. example: false default: false Schema: type: object title: Schema properties: id: type: string description: The id of the Schema. example: 2c9180835d191a86015d28455b4a2329 name: type: string description: The name of the Schema. example: account nativeObjectType: type: string description: The name of the object type on the native system that the schema represents. example: User identityAttribute: type: string description: The name of the attribute used to calculate the unique identifier for an object in the schema. example: sAMAccountName displayAttribute: type: string description: The name of the attribute used to calculate the display value for an object in the schema. example: distinguishedName hierarchyAttribute: type: string description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. example: memberOf includePermissions: type: boolean description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. default: false example: false features: $ref: '#/components/schemas/SourceFeature' configuration: type: object description: Holds any extra configuration data that the schema may require. example: groupMemberAttribute: member attributes: type: array description: The attribute definitions which form the schema. items: $ref: '#/components/schemas/AttributeDefinition' example: - name: sAMAccountName type: STRING isMultiValued: false isEntitlement: false isGroup: false - name: memberOf type: STRING schema: type: CONNECTOR_SCHEMA id: 2c9180887671ff8c01767b4671fc7d60 name: group description: Group membership isMultiValued: true isEntitlement: true isGroup: true created: type: string description: The date the Schema was created. format: date-time example: '2019-12-24T22:32:58.104Z' modified: type: string description: The date the Schema was last modified. format: date-time example: '2019-12-31T20:22:28.104Z' IdentityProfilesConnections: type: object title: Identity Profiles Connections properties: id: type: string description: ID of the IdentityProfile this reference applies example: 76cfddb62818416f816bc494410f46c4 name: type: string description: Human-readable display name of the IdentityProfile to which this reference applies example: ODS-Identity-Profile identityCount: type: integer format: int64 description: The Number of Identities managed by this IdentityProfile example: 100 RequiresPeriodicRefresh: type: boolean description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process example: false default: false input: type: object description: This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI. additionalProperties: true example: type: accountAttribute attributes: attributeName: first_name sourceName: Source AccountAttribute: title: accountAttribute type: object required: - sourceName - attributeName properties: sourceName: type: string description: A reference to the source to search for the account example: Workday attributeName: type: string description: The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema. example: DEPARTMENT accountSortAttribute: type: string description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries example: created default: created accountSortDescending: type: boolean description: The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order) example: false default: false accountReturnFirstLink: type: boolean description: The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false example: false default: false accountFilter: type: string description: |- This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements example: '!(nativeIdentity.startsWith("*DELETED*"))' accountPropertyFilter: type: string description: |- This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. All account attributes are available for filtering as this operation is performed in memory. example: (groups.containsAll({'Admin'}) || location == 'Austin') requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Base64Decode: title: base64Decode type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Base64Encode: title: base64Encode type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Concatenation: title: concat type: object required: - values properties: values: type: array items: type: object description: An array of items to join together example: - John - ' ' - Smith requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Conditional: title: conditional type: object required: - expression - positiveCondition - negativeCondition properties: expression: type: string description: |- A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. The `eq` operator is the only valid comparison example: ValueA eq ValueB positiveCondition: type: string description: The output of the transform if the expression evalutes to true example: 'true' negativeCondition: type: string description: The output of the transform if the expression evalutes to false example: 'false' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' namedConstructs: title: Named Construct type: string description: | | Construct | Date Time Pattern | Description | | --------- | ----------------- | ----------- | | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | enum: - ISO8601 - LDAP - PEOPLE_SOFT - EPOCH_TIME_JAVA - EPOCH_TIME_WIN32 example: PEOPLE_SOFT simpleDateFormat: title: Java Simple Date Format type: string description: | There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.) | Date Time Pattern | Result | | ----------------- | ------ | | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | | `h:mm a` | 12:08 PM | | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | | `K:mm a, z` | 0:08 PM, PDT | | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | | `yyMMddHHmmssZ` | 010704120856-0700 | | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | | `YYYY-'W'ww-u` | 2001-W27-3 | example: mm/dd/yyyy DateFormat: title: dateFormat type: object properties: inputFormat: description: |- A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* oneOf: - $ref: '#/components/schemas/namedConstructs' - $ref: '#/components/schemas/simpleDateFormat' outputFormat: description: |- A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* oneOf: - $ref: '#/components/schemas/namedConstructs' - $ref: '#/components/schemas/simpleDateFormat' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' DateCompare: title: dateCompare type: object required: - firstDate - secondDate - operator - positiveCondition - negativeCondition properties: firstDate: description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). oneOf: - $ref: '#/components/schemas/AccountAttribute' - $ref: '#/components/schemas/DateFormat' secondDate: description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). oneOf: - $ref: '#/components/schemas/AccountAttribute' - $ref: '#/components/schemas/DateFormat' operator: type: string description: | This is the comparison to perform. | Operation | Description | | --------- | ------- | | LT | Strictly less than: `firstDate < secondDate` | | LTE | Less than or equal to: `firstDate <= secondDate` | | GT | Strictly greater than: `firstDate > secondDate` | | GTE | Greater than or equal to: `firstDate >= secondDate` | enum: - LT - LTE - GT - GTE example: LT positiveCondition: type: string description: The output of the transform if the expression evalutes to true example: 'true' negativeCondition: type: string description: The output of the transform if the expression evalutes to false example: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' DateMath: title: dateMath type: object required: - expression properties: expression: type: string description: | A string value of the date and time components to operation on, along with the math operations to execute. externalDocs: description: Date Math Expressions url: https://developer.sailpoint.com/docs/extensibility/transforms/operations/date-math#transform-structure example: now+1w roundUp: type: boolean description: | A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. If not provided, the transform will default to `false` `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) example: false default: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' DecomposeDiacriticalMarks: title: decomposeDiacriticalMarks type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' E164phone: title: e164phone type: object properties: defaultRegion: type: string description: | This is an optional attribute that can be used to define the region of the phone number to format into. If defaultRegion is not provided, it will take US as the default country. The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) example: US requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' FirstValid: title: firstValid type: object required: - values properties: values: type: array items: type: object description: An array of attributes to evaluate for existence. example: - attributes: sourceName: Active Directory attributeName: sAMAccountName type: accountAttribute - attributes: sourceName: Okta attributeName: login type: accountAttribute - attributes: sourceName: HR Source attributeName: employeeID type: accountAttribute ignoreErrors: type: boolean description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. example: false default: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' TransformRule: type: object required: - name properties: name: type: string description: This is the name of the Transform rule that needs to be invoked by the transform example: Transform Calculation Rule requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' GenerateRandomString: type: object required: - name - operation - includeNumbers - includeSpecialChars - length properties: name: type: string description: This must always be set to "Cloud Services Deployment Utility" example: Cloud Services Deployment Utility operation: type: string description: The operation to perform `generateRandomString` example: generateRandomString includeNumbers: type: boolean description: This must be either "true" or "false" to indicate whether the generator logic should include numbers example: true includeSpecialChars: type: boolean description: This must be either "true" or "false" to indicate whether the generator logic should include special characters example: true length: type: string description: | This specifies how long the randomly generated string needs to be >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters example: '10' requiresPeriodicRefresh: type: boolean description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process example: false GetReferenceIdentityAttribute: type: object required: - name - operation - uid properties: name: type: string description: This must always be set to "Cloud Services Deployment Utility" example: Cloud Services Deployment Utility operation: type: string description: The operation to perform `getReferenceIdentityAttribute` example: getReferenceIdentityAttribute uid: type: string description: | This is the SailPoint User Name (uid) value of the identity whose attribute is desired As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. example: 2c91808570313110017040b06f344ec9 requiresPeriodicRefresh: type: boolean description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process example: false Rule: title: rule oneOf: - $ref: '#/components/schemas/TransformRule' - $ref: '#/components/schemas/GenerateRandomString' - $ref: '#/components/schemas/GetReferenceIdentityAttribute' IdentityAttribute: title: identityAttribute type: object required: - name properties: name: type: string description: The system (camel-cased) name of the identity attribute to bring in example: email requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' IndexOf: title: indexOf type: object required: - substring properties: substring: type: string description: A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring. example: admin_ requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' ISO3166: title: iso3166 type: object properties: format: type: string description: | An optional value to denote which ISO 3166 format to return. Valid values are: `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied `alpha3` - Three-character country code (e.g., "USA") `numeric` - The numeric country code (e.g., "840") example: alpha2 requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' LeftPad: title: leftPad type: object required: - length properties: length: type: string description: An integer value for the desired length of the final output string example: '4' padding: type: string description: | A string value representing the character that the incoming data should be padded with to get to the desired length If not provided, the transform will default to a single space (" ") character for padding example: '0' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Lookup: title: lookup type: object required: - table properties: table: type: object additionalProperties: true description: | This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. example: USA: Americas FRA: EMEA AUS: APAC default: Unknown Region requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Lower: title: lower type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' NameNormalizer: title: nameNormalizer type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' RandomAlphaNumeric: title: randomAlphaNumeric type: object properties: length: type: string description: | This is an integer value specifying the size/number of characters the random string must contain * This value must be a positive number and cannot be blank * If no length is provided, the transform will default to a value of `32` * Due to identity attribute data constraints, the maximum allowable value is `450` characters example: '10' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' RandomNumeric: title: randomNumeric type: object properties: length: type: string description: | This is an integer value specifying the size/number of characters the random string must contain * This value must be a positive number and cannot be blank * If no length is provided, the transform will default to a value of `32` * Due to identity attribute data constraints, the maximum allowable value is `450` characters example: '10' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Reference-2: title: reference type: object required: - id properties: id: type: string description: This ID specifies the name of the pre-existing transform which you want to use within your current transform example: Existing Transform requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' ReplaceAll: title: replaceAll type: object required: - table properties: table: type: object additionalProperties: true description: An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value. example: '-': ' ' '"': '''' ñ: 'n' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Replace: title: replace type: object required: - regex - replacement properties: regex: type: string description: This can be a string or a regex pattern in which you want to replace. example: '[^a-zA-Z]' externalDocs: description: Regex Builder url: https://regex101.com/ replacement: type: string description: This is the replacement string that should be substituded wherever the string or pattern is found. example: ' ' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' RightPad: title: rightPad type: object required: - length properties: length: type: string description: An integer value for the desired length of the final output string example: '4' padding: type: string description: | A string value representing the character that the incoming data should be padded with to get to the desired length If not provided, the transform will default to a single space (" ") character for padding example: '0' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Split: title: split type: object required: - delimiter - index properties: delimiter: type: string description: This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data example: ',' index: type: string description: An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc. example: '5' throws: type: boolean description: | A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) `true` - The transform should return "IndexOutOfBoundsException" `false` - The transform should return null If not provided, the transform will default to false and return a null example: true default: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Static: title: static type: object required: - values properties: values: type: string description: This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language. example: string$variable externalDocs: description: Static Transform Documentation url: https://developer.sailpoint.com/docs/extensibility/transforms/operations/static requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' Substring: title: substring type: object required: - begin properties: begin: type: integer description: | The index of the first character to include in the returned substring. If `begin` is set to -1, the transform will begin at character 0 of the input data example: 1 format: int32 beginOffset: type: integer description: | This integer value is the number of characters to add to the begin attribute when returning a substring. This attribute is only used if begin is not -1. example: 3 format: int32 end: type: integer description: | The index of the first character to exclude from the returned substring. If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. example: 6 format: int32 endOffset: type: integer description: | This integer value is the number of characters to add to the end attribute when returning a substring. This attribute is only used if end is provided and is not -1. example: 1 format: int32 requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Trim: title: trim type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Upper: title: upper type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' UUIDGenerator: title: uuid type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' TransformRead: allOf: - $ref: '#/components/schemas/Transform' - type: object required: - id - internal properties: id: type: string description: Unique ID of this transform example: 2cd78adghjkja34jh2b1hkjhasuecd internal: type: boolean description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform example: false default: false DependantAppConnections: type: object title: Dependant App Connections properties: cloudAppId: type: string description: Id of the connected Application example: 9e3cdd80edf84f119327df8bbd5bb5ac description: type: string description: Description of the connected Application example: This is a Sailpoint application enabled: type: boolean description: Is the Application enabled example: true default: true provisionRequestEnabled: type: boolean description: Is Provisioning enabled for connected Application example: true default: true accountSource: type: object description: The Account Source of the connected Application properties: useForPasswordManagement: type: boolean description: Use this Account Source for password management example: false default: false passwordPolicies: type: array description: A list of Password Policies for this Account Source items: type: object properties: type: type: string description: DTO type example: PASSWORD_POLICY id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: Policy ODS launcherCount: type: integer format: int64 description: The amount of launchers for connected Application (long type) example: 100 matchAllAccount: type: boolean description: Is Provisioning enabled for connected Application example: true default: false owner: type: array description: The owner of the connected Application items: $ref: '#/components/schemas/BaseReferenceDto' appCenterEnabled: type: boolean description: Is App Center enabled for connected Application example: false default: false DependantConnectionsMissingDto: type: object title: Dependant Connections Missing Dto properties: dependencyType: type: string enum: - identityProfiles - credentialProfiles - mappingProfiles - sourceAttributes - dependantCustomTransforms - dependantApps description: The type of dependency type that is missing in the SourceConnections example: dependantApps reason: type: string description: The reason why this dependency is missing example: If there was an error retrieving any dependencies, it would lbe listed here SourceConnectionsDto: type: object title: Source Connections Dto properties: identityProfiles: type: array description: The IdentityProfile attached to this source items: $ref: '#/components/schemas/IdentityProfilesConnections' credentialProfiles: type: array description: Name of the CredentialProfile attached to this source items: type: string example: - Profile ODS sourceAttributes: type: array description: The attributes attached to this source items: type: string example: - sAMAccountName - mail - sn - givenName - displayName - employeeNumber - manager - telephoneNumber mappingProfiles: type: array description: The profiles attached to this source example: - ODS-AD-Profile - ODS-Profile2 items: type: string dependentCustomTransforms: example: - id: 61190eae-290b-4335-aeb8-7335f1fd99cb name: Split Transform type: split attributes: delimiter: '-' index: 1 input: attributes: sourceName: Example CSV Source attributeName: last_name type: accountAttribute internal: false description: A list of custom transforms associated with this source. A transform will be considered associated with a source if any attributes of the transform specify the source as the sourceName. type: array items: $ref: '#/components/schemas/TransformRead' dependentApps: type: array items: $ref: '#/components/schemas/DependantAppConnections' missingDependents: type: array items: $ref: '#/components/schemas/DependantConnectionsMissingDto' TaggedObjectDto: type: object title: Tagged Object Dto properties: type: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE example: IDENTITY description: DTO type id: type: string description: ID of the object this reference applies to example: 2c91808568c529c60168cca6f90c1313 name: type: string nullable: true description: Human-readable display name of the object this reference applies to example: William Wilson TaggedObject: type: object title: Tagged Object description: Tagged object. properties: objectRef: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Labels to be applied to an Object example: - BU_FINANCE - PCI BulkAddTaggedObject: type: object title: Bulk Add Tagged Object properties: objectRefs: type: array items: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Label to be applied to an Object example: - BU_FINANCE - PCI operation: type: string enum: - APPEND - MERGE default: APPEND description: |- If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. example: MERGE BulkTaggedObjectResponse: type: object title: Bulk Tagged Object Response properties: objectRefs: type: array items: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Label to be applied to an Object example: - BU_FINANCE - PCI BulkRemoveTaggedObject: type: object title: Bulk Remove Tagged Object properties: objectRefs: type: array items: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Label to be applied to an Object example: - BU_FINANCE - PCI WorkItemStateManualWorkItems: type: string enum: - Finished - Rejected - Returned - Expired - Pending - Canceled example: Finished description: The state of a work item WorkItemTypeManualWorkItems: type: string enum: - Generic - Certification - Remediation - Delegation - Approval - ViolationReview - Form - PolicyVioloation - Challenge - ImpactAnalysis - Signoff - Event - ManualAction - Test example: Generic description: The type of the work item RemediationItemDetails: type: object title: Remediation Item Details properties: id: type: string description: The ID of the certification example: 2c9180835d2e5168015d32f890ca1581 targetId: type: string description: The ID of the certification target example: 2c9180835d2e5168015d32f890ca1581 targetName: type: string description: The name of the certification target example: john.smith targetDisplayName: type: string description: The display name of the certification target example: emailAddress applicationName: type: string description: The name of the application/source example: Active Directory attributeName: type: string description: The name of the attribute being certified example: phoneNumber attributeOperation: type: string description: The operation of the certification on the attribute example: update attributeValue: type: string description: The value of the attribute being certified example: 512-555-1212 nativeIdentity: type: string description: The native identity of the target example: jason.smith2 WorkItemState: type: string nullable: true enum: - Finished - Rejected - Returned - Expired - Pending - Canceled - null example: Pending description: The state of a work item ApprovalItemDetails: type: object title: Approval Item Details properties: id: type: string description: The approval item's ID example: 2c9180835d2e5168015d32f890ca1581 account: type: string description: The account referenced by the approval item example: john.smith nullable: true application: type: string description: The name of the application/source example: Active Directory name: type: string description: The attribute's name example: emailAddress nullable: true operation: type: string description: The attribute's operation example: update value: type: string description: The attribute's value example: a@b.com nullable: true state: allOf: - $ref: '#/components/schemas/WorkItemState' - nullable: true FormItemDetails: type: object title: Form Item Details properties: name: type: string description: Name of the FormItem example: Field1 SectionDetails: type: object title: Section Details allOf: - $ref: '#/components/schemas/FormItemDetails' - type: object properties: label: type: string description: Label of the section example: Section 1 formItems: type: array items: type: object description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails example: [] FormDetails: type: object title: Form Details properties: id: type: string description: ID of the form example: 2c9180835d2e5168015d32f890ca1581 nullable: true name: type: string description: Name of the form example: AccountSelection Form nullable: true title: type: string description: The form title example: Account Selection for John.Doe subtitle: type: string description: The form subtitle. example: Please select from the following targetUser: type: string description: The name of the user that should be shown this form example: Jane.Doe sections: type: array items: $ref: '#/components/schemas/SectionDetails' description: Sections of the form WorkItemForward: type: object title: Work Item Forward required: - targetOwnerId - comment properties: targetOwnerId: type: string description: The ID of the identity to forward this work item to. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: Comments to send to the target owner example: I'm going on vacation. sendNotifications: type: boolean description: If true, send a notification to the target owner. default: true example: true WorkflowModifiedBy: type: object properties: type: type: string enum: - IDENTITY example: IDENTITY id: type: string description: Identity ID example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Human-readable display name of identity. example: Thomas Edison WorkflowDefinition: type: object description: The map of steps that the workflow will execute. properties: start: type: string description: The name of the starting step. example: Send Email Test steps: type: object description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. additionalProperties: true example: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: ACTION success: type: success EventAttributes: title: Event Trigger Attributes type: object description: Attributes related to an IdentityNow ETS event additionalProperties: false required: - id properties: id: type: string description: The unique ID of the trigger example: idn:identity-attributes-changed nullable: true filter.$: type: string description: JSON path expression that will limit which events the trigger will fire on example: $.changes[?(@.attribute == 'manager')] nullable: true description: type: string description: Description of the event trigger example: Triggered when an identity's manager attribute changes nullable: true attributeToFilter: type: string description: The attribute to filter on example: LifecycleState nullable: true formDefinitionId: type: string description: Form definition's unique identifier. example: Admin_Access_Request_Form nullable: true ExternalAttributes: title: External Trigger Attributes type: object description: Attributes related to an external trigger additionalProperties: false properties: name: type: string description: A unique name for the external trigger example: search-and-notify nullable: true description: type: string description: Additional context about the external trigger example: Run a search and notify the results nullable: true clientId: type: string description: OAuth Client ID to authenticate with this trigger example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc nullable: true url: type: string description: URL to invoke this workflow example: https://example-tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d nullable: true ScheduledAttributes: title: Scheduled Trigger Attributes type: object description: Attributes related to a scheduled trigger additionalProperties: false required: - frequency properties: frequency: type: string description: Frequency of execution example: daily enum: - daily - weekly - monthly - yearly - cronSchedule - null nullable: true timeZone: type: string description: Time zone identifier example: America/Chicago nullable: true cronString: type: string description: A valid CRON expression externalDocs: description: CRON expression editor url: https://crontab.guru/ example: 0 9 * * 1 nullable: true weeklyDays: type: array items: type: string example: Monday description: Scheduled days of the week for execution nullable: true weeklyTimes: type: array items: type: string example: Monday description: Scheduled execution times nullable: true yearlyTimes: type: array items: type: string example: '1969-12-31T09:00:00.000Z' description: Scheduled execution times nullable: true WorkflowTrigger: type: object description: The trigger that starts the workflow required: - type - attributes properties: type: type: string enum: - EVENT - EXTERNAL - SCHEDULED - '' example: EVENT description: The trigger type displayName: type: string nullable: true attributes: nullable: true anyOf: - $ref: '#/components/schemas/EventAttributes' - $ref: '#/components/schemas/ExternalAttributes' - $ref: '#/components/schemas/ScheduledAttributes' description: Workflow Trigger Attributes. WorkflowBody: type: object properties: name: type: string description: The name of the workflow example: Send Email owner: type: object description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. properties: type: type: string enum: - IDENTITY example: IDENTITY description: The type of object that is referenced id: type: string description: The unique ID of the object example: 2c91808568c529c60168cca6f90c1313 name: type: string description: The name of the object example: William Wilson description: type: string description: Description of what the workflow accomplishes example: Send an email to the identity who's attributes changed. definition: $ref: '#/components/schemas/WorkflowDefinition' enabled: type: boolean description: Enable or disable the workflow. Workflows cannot be created in an enabled state. default: false example: false trigger: $ref: '#/components/schemas/WorkflowTrigger' Workflow: allOf: - type: object properties: id: type: string description: Workflow ID. This is a UUID generated upon creation. example: d201c5e9-d37b-4aff-af14-66414f39d569 executionCount: type: integer format: int32 description: The number of times this workflow has been executed. example: 2 failureCount: type: integer format: int32 description: The number of times this workflow has failed during execution. example: 0 created: type: string format: date-time description: The date and time the workflow was created. example: '2022-01-10T16:06:16.636381447Z' modified: type: string format: date-time description: The date and time the workflow was modified. example: '2023-12-05T15:18:27.699132301Z' modifiedBy: $ref: '#/components/schemas/WorkflowModifiedBy' creator: type: object description: Workflow creator's identity. properties: type: type: string description: Workflow creator's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Workflow creator's identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Workflow creator's display name. example: Michael Michaels - $ref: '#/components/schemas/WorkflowBody' WorkflowExecution: type: object properties: id: type: string description: Workflow execution ID. example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81 workflowId: type: string description: Workflow ID. example: d201c5d9-d37b-4a2f-af14-66414f39d568 requestId: type: string description: Backend ID that tracks a workflow request in the system. Provide this ID in a customer support ticket for debugging purposes. example: 41e12a74fa7b4a6a98ae47887b64acdb startTime: type: string format: date-time description: Date/time when the workflow started. example: '2022-02-07T20:13:29.356648026Z' closeTime: type: string format: date-time description: Date/time when the workflow ended. example: '2022-02-07T20:13:31.682410165Z' status: description: Workflow execution status. type: string enum: - Completed - Failed - Canceled - Queued - Running example: Completed WorkflowExecutionEvent: type: object properties: type: type: string description: The type of event enum: - WorkflowExecutionScheduled - WorkflowExecutionStarted - WorkflowExecutionCompleted - WorkflowExecutionFailed - WorkflowTaskScheduled - WorkflowTaskStarted - WorkflowTaskCompleted - WorkflowTaskFailed - ActivityTaskScheduled - ActivityTaskStarted - ActivityTaskCompleted - ActivityTaskFailed - StartChildWorkflowExecutionInitiated - ChildWorkflowExecutionStarted - ChildWorkflowExecutionCompleted - ChildWorkflowExecutionFailed example: WorkflowTaskScheduled timestamp: type: string format: date-time description: The date-time when the event occurred example: '2022-02-07T20:13:31.640618296Z' attributes: type: object description: Additional attributes associated with the event example: {} WorkflowLibraryFormFields: type: object properties: description: type: string description: Description of the form field example: First value to compare helpText: type: string description: Describes the form field in the UI example: The name to give to this certification campaign. label: type: string description: A human readable name for this form field in the UI example: Campaign Name name: type: string description: The name of the input attribute example: name required: type: boolean description: Denotes if this field is a required attribute example: false default: false type: description: The type of the form field type: string nullable: true enum: - text - textarea - boolean - email - url - number - json - checkbox - jsonpath - select - multiType - duration - toggle - formPicker - identityPicker - governanceGroupPicker - string - object - array - secret - keyValuePairs - emailPicker - advancedToggle - variableCreator - htmlEditor example: text WorkflowLibraryAction: title: Workflow Action type: object properties: id: type: string description: Action ID. This is a static namespaced ID for the action example: sp:create-campaign name: type: string description: Action Name example: Create Certification Campaign type: type: string description: Action type example: ACTION description: type: string description: Action Description example: Generates a certification campaign. formFields: nullable: true type: array description: One or more inputs that the action accepts items: $ref: '#/components/schemas/WorkflowLibraryFormFields' exampleOutput: oneOf: - type: object description: Example output - type: array items: type: object deprecated: type: boolean deprecatedBy: type: string format: date-time versionNumber: type: integer description: Version number isSimulationEnabled: type: boolean isDynamicSchema: type: boolean description: Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields. example: false default: false outputSchema: type: object description: Defines the output schema, if any, that this action produces. example: definitions: {} properties: autoRevokeAllowed: $id: '#sp:create-campaign/autoRevokeAllowed' default: true examples: - false title: autoRevokeAllowed type: boolean deadline: $id: '#sp:create-campaign/deadline' default: '' examples: - '2020-12-25T06:00:00.468Z' format: date-time pattern: ^.*$ title: deadline type: string description: $id: '#sp:create-campaign/description' default: '' examples: - A review of everyone's access by their manager. pattern: ^.*$ title: description type: string emailNotificationEnabled: $id: '#sp:create-campaign/emailNotificationEnabled' default: true examples: - false title: emailNotificationEnabled type: boolean filter: $id: '#sp:create-campaign/filter' properties: id: $id: '#sp:create-campaign/filter/id' default: '' examples: - e0adaae69852e8fe8b8a3d48e5ce757c pattern: ^.*$ title: id type: string type: $id: '#sp:create-campaign/filter/type' default: '' examples: - CAMPAIGN_FILTER pattern: ^.*$ title: type type: string title: filter type: object id: $id: '#sp:create-campaign/id' default: '' examples: - 2c918086719eec070171a7e3355a360a pattern: ^.*$ title: id type: string name: $id: '#sp:create-campaign/name' default: '' examples: - Manager Review pattern: ^.*$ title: name type: string recommendationsEnabled: $id: '#sp:create-campaign/recommendationsEnabled' default: true examples: - false title: recommendationEnabled type: boolean type: $id: '#sp:create-campaign/type' default: '' examples: - MANAGER pattern: ^.*$ title: type type: string title: sp:create-campaign type: object WorkflowLibraryTrigger: title: Workflow Trigger type: object properties: id: type: string description: Trigger ID. This is a static namespaced ID for the trigger. example: idn:identity-attributes-changed type: description: Trigger type type: string enum: - EVENT - SCHEDULED - EXTERNAL example: EVENT deprecated: type: boolean deprecatedBy: type: string format: date-time isSimulationEnabled: type: boolean outputSchema: type: object description: Example output schema name: type: string description: Trigger Name example: Identity Attributes Changed description: type: string description: Trigger Description example: One or more identity attributes changed. isDynamicSchema: type: boolean description: Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields. example: false default: false inputExample: type: object description: Example trigger payload if applicable nullable: true externalDocs: description: List of triggers and their input schemas url: https://developer.sailpoint.com/docs/extensibility/event-triggers/available example: changes: - attribute: department newValue: marketing oldValue: sales - attribute: manager newValue: id: ee769173319b41d19ccec6c235423236c name: mean.guy type: IDENTITY oldValue: id: ee769173319b41d19ccec6c235423237b name: nice.guy type: IDENTITY - attribute: email newValue: john.doe@gmail.com oldValue: john.doe@hotmail.com identity: id: ee769173319b41d19ccec6cea52f237b name: john.doe type: IDENTITY formFields: type: array nullable: true description: One or more inputs that the trigger accepts example: [] items: $ref: '#/components/schemas/WorkflowLibraryFormFields' WorkflowLibraryOperator: title: Workflow Operator type: object properties: id: type: string description: Operator ID. example: sp:compare-boolean name: type: string description: Operator friendly name example: Compare Boolean Values type: description: Operator type type: string example: OPERATOR description: type: string description: Description of the operator example: Compare two boolean values and decide what happens based on the result. isDynamicSchema: type: boolean description: Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields. example: false deprecated: type: boolean deprecatedBy: type: string format: date-time isSimulationEnabled: type: boolean formFields: type: array nullable: true description: One or more inputs that the operator accepts items: $ref: '#/components/schemas/WorkflowLibraryFormFields' example: - description: Enter the JSONPath to a value from the input to compare to Variable B. helpText: '' label: Variable A name: variableA.$ required: true type: text - helpText: Select an operation. label: Operation name: operator options: - label: Equals value: BooleanEquals required: true type: select - description: Enter the JSONPath to a value from the input to compare to Variable A. helpText: '' label: Variable B name: variableB.$ required: false type: text - description: Enter True or False. helpText: '' label: Variable B name: variableB required: false type: text WorkflowOAuthClient: type: object properties: id: type: string description: OAuth client ID for the trigger. This is a UUID generated upon creation. example: 1a58c03a6bf64dc2876f6988c6e2c7b7 secret: type: string description: OAuthClient secret. example: 00cc24a7fe810fe06a7cb38bc168ae104d703c7abb296f9944dc68e69ddb578b url: type: string description: URL for the external trigger to invoke example: https://example-tenant.api.identitynow.com/beta/workflows/execute/external/c17bea3a-574d-453c-9e04-4365fbf5af0b ManualDiscoverApplicationsTemplate: type: object title: Manual Discover Applications Template properties: application_name: type: string description: Name of the application. example: Example Application description: type: string description: Description of the application. example: Example Description ManualDiscoverApplications: type: object title: Manual Discover Applications properties: file: type: string format: binary description: The CSV file to upload containing `application_name` and `description` columns. Each row represents an application to be discovered. example: |- application_name,description "Sample App","This is a sample description for Sample App." "Another App","Description for Another App." required: - file SlimDiscoveredApplications: type: object description: Discovered applications title: Slim Discovered Application properties: id: type: string format: uuid description: Unique identifier for the discovered application. example: 2d9180835d2e5168015d32f890ca1581 name: type: string description: Name of the discovered application. example: ExampleApp discoverySource: type: string description: Source from which the application was discovered. example: csv discoveredVendor: type: string description: The vendor associated with the discovered application. example: ExampleVendor description: type: string description: A brief description of the discovered application. example: An application for managing examples. recommendedConnectors: type: array items: type: string description: List of recommended connectors for the application. example: - ConnectorA - ConnectorB discoveredAt: type: string format: date-time description: The timestamp when the application was last received via an entitlement aggregation invocation or a manual csv upload, in ISO 8601 format. example: '2023-01-01T12:00:00Z' createdAt: type: string format: date-time description: The timestamp when the application was first discovered, in ISO 8601 format. example: '2023-01-01T12:00:00Z' status: type: string description: |- The status of an application within the discovery source. By default this field is set to "ACTIVE" when the application is discovered. If an application has been deleted from within the discovery source, the status will be set to "INACTIVE". example: ACTIVE FullDiscoveredApplications: type: object description: Discovered applications with their respective associated sources title: Discovered Application properties: id: type: string format: uuid description: Unique identifier for the discovered application. example: 2d9180835d2e5168015d32f890ca1581 name: type: string description: Name of the discovered application. example: ExampleApp discoverySource: type: string description: Source from which the application was discovered. example: csv discoveredVendor: type: string description: The vendor associated with the discovered application. example: ExampleVendor description: type: string description: A brief description of the discovered application. example: An application for managing examples. recommendedConnectors: type: array items: type: string description: List of recommended connectors for the application. example: - ConnectorA - ConnectorB discoveredAt: type: string format: date-time description: The timestamp when the application was last received via an entitlement aggregation invocation or a manual csv upload, in ISO 8601 format. example: '2023-01-01T12:00:00Z' createdAt: type: string format: date-time description: The timestamp when the application was first discovered, in ISO 8601 format. example: '2023-01-01T12:00:00Z' status: type: string description: |- The status of an application within the discovery source. By default this field is set to "ACTIVE" when the application is discovered. If an application has been deleted from within the discovery source, the status will be set to "INACTIVE". example: ACTIVE associatedSources: type: array items: type: string format: uuid description: List of associated sources related to this discovered application. example: - e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 - a0303682-5e4a-44f7-bdc2-6ce6112549c1 parameters: limit: in: query name: limit description: |- Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 250 schema: type: integer format: int32 minimum: 0 maximum: 250 default: 250 offset: in: query name: offset description: |- Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 0 schema: type: integer format: int32 minimum: 0 default: 0 count: in: query name: count description: |- If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: true schema: type: boolean default: false limit50: in: query name: limit description: |- Note that for this API the maximum value for limit is 50. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 50 schema: type: integer format: int32 minimum: 0 maximum: 50 default: 50 id: in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: - listAccessProfiles - listAccountActivities - listEntitlements - listRoles - listIdentities searchlimit: in: query name: limit description: |- Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 10000 schema: type: integer format: int32 minimum: 0 maximum: 10000 default: 250 index: in: path name: index description: | The index from which to fetch the specified document. The currently supported index names are: *accessprofiles*, *accountactivities*, *entitlements*, *events*, *identities*, and *roles*. schema: type: string enum: - accessprofiles - accountactivities - entitlements - events - identities - roles required: true example: identities responses: '202': description: Accepted - Returned if the request was successfully accepted into the system. content: application/json: schema: type: object '204': description: No content - indicates the request was successful but there is no content to be returned in the response. '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': description: Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. content: application/json: schema: type: object properties: error: description: A message describing the error example: 'JWT validation failed: JWT is expired' '403': description: Forbidden - Returned if the user you are running as, doesn't have access to this end-point. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '403': summary: An example of a 403 response object value: detailCode: 403 Forbidden trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text: The server understood the request but refuses to authorize it. '404': description: Not Found - returned if the request URL refers to a resource or object that does not exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '404': summary: An example of a 404 response object value: detailCode: 404 Not found trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text: The server did not find a current representation for the target resource. '429': description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. content: application/json: schema: type: object properties: message: description: A message describing the error example: ' Rate Limit Exceeded ' '500': description: Internal Server Error - Returned if there is an unexpected error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '500': summary: An example of a 500 response object value: detailCode: 500.0 Internal Fault trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. examples: SlimCampaigns: description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM value: - id: 2c918086719eec070171a7e3355a360a name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.123Z' type: MANAGER status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T19:00:27.731Z' totalCertifications: 10 completedCertifications: 3 alerts: - level: ERROR localizations: - locale: en localeOrigin: DEFAULT text: Composite criterion must have children non-composite criterion must not. - id: 7e1a731e3fb845cfbe58112ba4673ee4 name: Search Campaign description: Search Campaign Info deadline: '2022-07-26T15:42:44Z' type: SEARCH status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-07-25T15:42:18.276Z' totalCertifications: 5 completedCertifications: 3 alerts: null - id: 2c918086719eec070171a7e3355a412b name: AD Source Review description: A review of our AD source. deadline: '2020-12-25T06:00:00.123Z' type: SOURCE_OWNER status: STAGED emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED created: '2022-07-27T17:04:19.027Z' totalCertifications: 7 completedCertifications: 3 alerts: - level: WARN localizations: - locale: en localeOrigin: DEFAULT text: Composite criterion is in wrong format. - id: 3b2e2e5821e84127b6d693d41c40623b name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T20:29:51.065Z' totalCertifications: 1 completedCertifications: 1 alerts: null FullCampaigns: description: List of Campaigns that would result from specifying *detail* as FULL value: - id: 078696a575e045c68d6722ccdb9f101d name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: ERROR emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-08-02T20:29:51.331Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Role Composition Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null sourcesWithOrphanEntitlements: null mandatoryCommentRequirement: NO_DECISIONS - id: 1be8fc1103914bf0a4e14e316b6a7b7c name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.468Z' type: MANAGER status: STAGED emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-08-02T19:00:34.391Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null sourcesWithOrphanEntitlements: [] mandatoryCommentRequirement: NO_DECISIONS - id: 7e1a731e3fb845cfbe58112ba4673ee4 name: Search Campaign description: Search Campaign for Identities deadline: '2022-07-26T15:42:44Z' type: SEARCH status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-07-25T15:42:53.718Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: IDENTITY description: Example of Search Campaign reviewer: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: null query: user identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null sourcesWithOrphanEntitlements: [] mandatoryCommentRequirement: NO_DECISIONS - id: ad3cf3dd50394b1bad646de4bc51b999 name: Source Owner Campaign description: Example for Source Owner Campaign deadline: '2022-08-10T17:09:02Z' type: SOURCE_OWNER status: ACTIVE emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-07-27T17:09:13.925Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: sourceIds: - 2c91808781fd5aea01821200dc88318e searchCampaignInfo: null roleCompositionCampaignInfo: null sourcesWithOrphanEntitlements: [] correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CreateCampaignManager: value: name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.468Z' type: MANAGER emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 mandatoryCommentRequirement: NO_DECISIONS CreateCampaignSearch: value: name: Search Campaign description: Search Campaign deadline: '2020-12-25T06:00:00.468Z' type: SEARCH emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 searchCampaignInfo: type: ACCESS query: user mandatoryCommentRequirement: NO_DECISIONS CreateCampaignSourceOwner: value: name: Source Owner description: Source Owner Info deadline: '2020-12-25T06:00:00.468Z' type: SOURCE_OWNER emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 sourceOwnerCampaignInfo: sourceIds: - 612b31b1a0f04aaf83123bdb80e70db6 correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CreateCampaignRoleComposition: value: name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support roleIds: - b15d609fc5c8434b865fe552315fda8f mandatoryCommentRequirement: NO_DECISIONS CreateCampaignMachineAccount: value: name: Machine Account Owner Campaign description: A review done by a Machine Account's owner. deadline: '2024-12-25T06:00:00.468Z' type: MACHINE_ACCOUNT emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 machineAccountCampaignInfo: sourceIds: - d988f117b7624a16ab0b64c439d5dbb8 reviewerType: ACCOUNT_OWNER FullCampaignManager: value: id: 5594f43b76804a6980ece5fdccf74be7 name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.468Z' type: MANAGER status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T20:21:18.421Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null machineAccountCampaignInfo: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null mandatoryCommentRequirement: NO_DECISIONS FullCampaignSearch: value: id: ec041831cb2147778b594feb9d8db44a name: Search Campaign description: Search Campaign deadline: '2020-12-25T06:00:00.468Z' type: SEARCH status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-03T13:54:34.344Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: ACCESS description: user reviewer: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: null query: user identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null machineAccountCampaignInfo: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null mandatoryCommentRequirement: NO_DECISIONS FullCampaignSourceOwner: value: id: fd7b76ba4ea042de8a9414aa12fc977a name: Source Owner description: Source Owner Info deadline: '2020-12-25T06:00:00.468Z' type: SOURCE_OWNER status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-03T13:34:19.541Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null sourceIds: - 612b31b1a0f04aaf83123bdb80e70db6 searchCampaignInfo: null roleCompositionCampaignInfo: null machineAccountCampaignInfo: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS FullCampaignRoleComposition: value: id: 3b2e2e5821e84127b6d693d41c40623b name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T20:30:46.083Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Role Composition Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null machineAccountCampaignInfo: null mandatoryCommentRequirement: NO_DECISIONS FullCampaignMachineAccount: value: id: 3e9ff3d6555e4721b74695d5b578e847 name: Machine Account Owner Campaign description: A review done by a machine account's owner. deadline: '2024-05-07T19:43:38.186Z' type: MACHINE_ACCOUNT status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2024-04-23T19:43:38.355Z' modified: '2024-04-23T19:43:38.355Z' filter: null sunsetCommentsRequired: true mandatoryCommentRequirement: NO_DECISIONS sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null totalCertifications: 0 completedCertifications: 0 alerts: null correlatedStatus: CORRELATED sourcesWithOrphanEntitlements: [] machineAccountCampaignInfo: sourceIds: - d988f117b7624a16ab0b64c439d5dbb8 reviewerType: ACCOUNT_OWNER SlimCampaignManager: value: id: 2c918086719eec070171a7e3355a360a name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.123Z' type: MANAGER status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false SlimCampaignSearch: value: id: 7e1a731e3fb845cfbe58112ba4673ee4 name: Search Campaign description: Search Campaign Info deadline: '2022-07-26T15:42:44Z' type: SEARCH status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false SlimCampaignSourceOwner: value: id: 2c918086719eec070171a7e3355a412b name: AD Source Review description: A review of our AD source. deadline: '2020-12-25T06:00:00.123Z' type: SOURCE_OWNER status: STAGED emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED SlimCampaignRoleComposition: value: id: 3b2e2e5821e84127b6d693d41c40623b name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false CreateCampaignTemplateManager: description: This creates a template that can be used to generate manager campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Manager Review" (e.g. "2020-03-16 Manager Review"). value: name: Manager Review description: A review of everyone's access by their manager. deadlineDuration: P2W campaign: name: Manager Review description: Review everyone's access. type: MANAGER filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS CreateCampaignTemplateSearch: description: This creates a template that can be used to generate search access campaigns. The campaigns will cover the "reporter" access item for across all identities. value: name: Reporting Access Review description: A review of everyone's access to the reporting system. deadlineDuration: P2W campaign: name: Search Review description: Review everyone's access to the reporting system. type: SEARCH filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c searchCampaignInfo: type: ACCESS query: '@access(name: ("reporter"))' description: Identities with reporting abilities emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS CreateCampaignTemplateSourceOwner: description: This creates a template that can be used to generate source owner campaigns. The campaigns will have a due date that is one month after their creation date, and will review one source. value: name: AD Source Review description: A review of our AD source. deadlineDuration: P1M campaign: name: Source Review description: Review everyone's access. type: SOURCE_OWNER filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c sourceOwnerCampaignInfo: sourceIds: - 2c918084707deba501709d45ce4e5569 emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CreateCampaignTemplateRoleComposition: description: This creates a template that can be used to generate role composition campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Role Composition Review" (e.g. "2020-03-16 Role Composition Review"). value: name: Role Composition Review description: A review of every role's access items, by the specified reviewer. deadlineDuration: P2W campaign: name: Role Composition Review description: Review all our roles. type: ROLE_COMPOSITION roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 2c9180876ab2c053016ab6f65dfd5aaa emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateManager: value: id: e7dbec99d49349c8951bd84f58a05120 name: Manager Review created: '2022-08-02T19:16:42.632Z' modified: null description: A review of everyone's access by their manager. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Manager Review description: Review everyone's access. deadline: null type: MANAGER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateSearch: value: id: b7e6459eed5247ac8b98a5fed81fe27f name: Reporting Access Review created: '2022-07-28T19:19:40.035Z' modified: null description: A review of everyone's access to the reporting system. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: ACCESS description: Identities with reporting abilities reviewerId: null reviewer: null query: '@access(name: ("reporter"))' identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Search Campaign Review description: Review everyone's access to the reporting system. deadline: null type: SEARCH status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateSourceOwner: value: id: b9f41bc69e7a4291b9de0630396d030d name: AD Source Review created: '2022-08-02T13:40:36.857Z' modified: null description: A review of our AD source. deadlineDuration: P1M ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: sourceIds: - 2c918084707deba501709d45ce4e5569 searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: AD Source Review description: Review everyone's access. deadline: null type: SOURCE_OWNER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateRoleComposition: value: id: b9f41bc69e7a4291b9de0630396d030d name: Campaign With Admin Role created: '2022-08-02T13:40:36.857Z' modified: null description: Campaign With Admin Role deadlineDuration: null ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: null sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Campaign With Admin Role description: Campaign With Admin Role deadline: null type: ROLE_COMPOSITION status: null emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS client-log-configuration-duration-minutes: summary: Duration minutes value: clientId: 3a38a51992e8445ab51a549c0a70ee66 durationMinutes: 120 rootLevel: INFO logLevels: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG client-log-configuration-expiration: summary: Expiration value: clientId: 3a38a51992e8445ab51a549c0a70ee66 expiration: '2024-11-06T01:31:08.013164Z' rootLevel: INFO logLevels: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG execute-scheduled: summary: Triggered by scheduled search value: scheduleId: 7a724640-0c17-4ce9-a8c3-4a89738459c8 execute-test: summary: Triggered by ui test value: owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 recipients: - type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 query-accessprofiles: summary: Query for access profiles value: indices: - accessprofiles query: query: requestable:true query-accountactivities: summary: Query for acccount activities value: indices: - accountactivities query: query: sources:"Active Directory" query-entitlements: summary: Query for entitlements value: indices: - entitlements query: query: source.name:Finance query-events: summary: Query for events value: indices: - events query: query: type:PROVISIONING query-identities: summary: Query for identities value: indices: - identities query: query: attributes.cloudLifecycleState:active query-roles: summary: Query for roles value: indices: - roles query: query: enabled:true query-fields: summary: Query with fields value: indices: - identities query: query: '"John Doe"' fields: - name query-timeZone: summary: Query with timezone value: indices: - identities query: query: 'created: [2022-05-19T19:26:03.351Z TO now]' timeZone: America/Los_Angeles query-innerHit: summary: Query with innerhit value: indices: - identities query: query: '"John Doe"' innerHit: type: access query: source.name:"Active Directory" typeAheadQuery: summary: Typeahead query value: indices: - identities queryType: TYPEAHEAD typeAheadQuery: field: name query: Jo maxExpansions: 50 size: 100 sort: desc sortByValue: false typeAheadQuery-nestedType: summary: Typeahead query with nestedtype value: indices: - identities queryType: TYPEAHEAD typeAheadQuery: field: source.name nestedType: access query: Work maxExpansions: 50 size: 100 sort: desc sortByValue: false filter-exists: summary: Filter with exists value: indices: - identities query: query: attributes.city:Austin filters: attributes.personalEmail: type: EXISTS exclude: true filter-range: summary: Filter with range value: indices: - identities query: query: attributes.city:London timeZone: Europe/London filters: accessCount: type: RANGE range: lower: value: '3' created: type: RANGE range: lower: value: '2023-12-01' inclusive: true upper: value: '2025-01-01' filter-terms: summary: Filter with terms value: indices: - identities query: query: attributes.city:London filters: source.name: type: TERMS terms: - HR Employees - Corporate Active Directory exclude: true isManager: type: TERMS terms: - 'true' accessProfiles: summary: A collection of access profiles value: - id: 13b856dd9a264206954b63ecbb57a853 name: Cloud Eng description: Cloud Eng source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory entitlements: - hasPermissions: false attribute: memberOf value: CN=Cloud Engineering,DC=sailpoint,DC=com schema: group privileged: false id: 7372eaddd75749bd89a2e76a363eb891 name: Cloud Engineering description: Cloud Engineering entitlementCount: 1 segments: [] segmentCount: 0 apps: [] created: '2024-09-16T17:41:25Z' modified: '2024-09-16T19:30:54Z' synced: '2025-02-12T06:32:40.156Z' enabled: true requestable: true requestCommentsRequired: false owner: id: ff8081815757d36a015757d42e56031e name: SailPoint Support type: IDENTITY email: cloud-support@sailpoint.com tags: - TAG_1 - TAG_2 _type: accessprofile type: accessprofile pod: pod01-useast1 org: org-name _version: v2 accountActivities: summary: A collection of account activities value: - id: 6f76c3add1db4ba8bbe0d42aaceb7a07 _type: accountactivity type: accountactivity requester: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity sources: Active Directory created: '2025-01-02T21:45:59.795Z' accountRequests: - result: status: committed accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify provisioningTarget: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com stage: Completed originalRequests: - result: status: Manual Task Created accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com expansionItems: [] approvals: - owner: name: tina.smith id: 322c6bce405a495a8e841a014b7d8410 type: Identity result: Finished attributeRequest: op: Add name: memberOf value: - CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' modified: '2025-01-02T21:47:16.903Z' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector recipient: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity action: Access Request modified: '2025-01-02T21:47:16.903Z' trackingNumber: 051d09b0bb5b453d91f658ba7f1e3171 status: Complete pod: pod01-useast1 org: org-name synced: '2025-01-02T21:47:16.953Z' _version: v2 entitlements: summary: A collection of entitlements value: - id: 2c9180867dde18d1017de8ea1f5c130f name: Vendor Creation displayName: Vendor Creation created: '2021-12-23T20:09:57.340Z' modified: '2023-05-02T06:31:19.357Z' attribute: groups value: VC sourceSchemaObjectType: group schema: group privileged: false cloudGoverned: false hash: 22ac1f7a13c8a462c67ee74f5fcbf06a277cce50 description: Set up new AP vendors requestable: false source: id: 2c9180887de347a7017de8e75fa5570a type: SOURCE name: Finance containsDataAccess: 'false' pod: pod01-useast1 org: org-name synced: '2024-11-07T16:29:06.131Z' _type: entitlement type: entitlement _version: v2 events: summary: A collection of events value: - id: 001909ce8cc3b519436197105426b18b5fc6ca179803c0c3702e9038107bec78 stack: wps synced: '2023-06-01T22:01:38.170Z' created: '2023-06-01T22:01:37.818Z' objects: - ACCOUNT type: PROVISIONING technicalName: ACCOUNT_MODIFY_PASSED target: name: Colt.Spears actor: name: System name: Modify Account Passed action: ModifyAccount attributes: accountUuid: '{2d1ec18a-84cc-4659-bf75-a1ce4d56a9c5}' cloudAppName: Active Directory appId: 5c71ff71195b4794a0b87e7cf36fb017 sourceId: source sourceName: Active Directory accountName: CN=Colt Spears,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpoint,DC=com interface: Identity Refresh trackingNumber: 1f74901adbc0412d9fa51314195155be operation: MODIFY status: PASSED pod: pod01-useast1 org: org-name _type: event _version: v2 identities: summary: A collection of identities value: - id: 2c9180865c45e7e3015c46c434a80622 name: Laura Peeters firstName: Laura lastName: Peeters displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com created: '2024-04-04T21:36:00.385Z' inactive: false protected: false status: ACTIVE employeeNumber: '10673' manager: id: 88e405b1a3b8439daf2efc8f4ff0a98b name: Mia Garcia displayName: Mia Garcia isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Brussels cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: ACTIVE country: BE department: EMEA Sales displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com firstname: Laura identificationNumber: '10673' identityState: ACTIVE internalCloudStatus: ACTIVE jobTitle: Manager, Sales - Belgium lastname: Peeters location: EMEA uid: '10673' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 830396e8863442f1bce7b485612c8b51 name: Laura Peeters accountId: '10673' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:00.385Z' supportsPasswordChange: false - id: cd6797419f37492ba22ea991f9d6ba90 name: $SEK300-N3K0K4HOPEB6 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:38:57.434Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:42:26.787Z' supportsPasswordChange: true - id: db145fd0ec6a4e0cbc3a24bbe0758c8f name: Laura Peeters accountId: '10681' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.769Z' supportsPasswordChange: false - id: 6b75898eec394b4c98a5c3d2d9ba311b name: Laura Peeters accountId: Laura Peeters source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.809Z' supportsPasswordChange: true accountAttributes: {} accountCount: 3 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 6b75898eec394b4c98a5c3d2d9ba311b accountId: Laura Peeters appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2025-01-17T03:17:17.895Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 2 tags: - TAG_1 - TAG_2 pod: pod01-useast1 org: org-name synced: '2025-01-17T06:10:19.853Z' _type: identity type: identity _version: v2 roles: summary: A collection of roles value: - id: 2c91808c6faadea6016fb4f2bc69077b accessProfileCount: 1 accessProfiles: - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess created: '2023-06-01T22:00:55.311Z' description: All Sales people in the company dimensional: false enabled: true modified: '2023-06-01T22:00:55.432Z' name: SalesGlobal owner: email: admin@sailpointdemo.com id: c18630c4811c4030810afb3a14f388cf name: admin type: IDENTITY requestCommentsRequired: false requestable: true tags: - TAG_1 - TAG_2 pod: pod01-useast1 org: org-name _type: role type: role _version: v2 queryFields: summary: Query with fields value: - name: John Doe firstName: John lastName: Doe displayName: John Doe id: 655f6741762547ec937893f27eab0cec email: John.Doe@sailpointdemo.com created: '2025-01-03T22:36:20.025Z' inactive: false protected: false status: UNREGISTERED isManager: false identityProfile: id: 63e42f96f2fc4b8ba544654eba6068cf name: Contractors source: id: b33c36dbaf974200b4d91f846abc30a5 name: Contractors attributes: cloudAuthoritativeSource: b33c36dbaf974200b4d91f846abc30a5 cloudLifecycleState: active cloudStatus: UNREGISTERED displayName: John Doe email: John.Doe@sailpointdemo.com endDate: '2199-01-01T00:00:00.000Z' firstname: John identityState: ACTIVE internalCloudStatus: UNREGISTERED lastname: Doe startDate: '2199-01-01T00:00:00.000Z' uid: John Doe visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 6f9cce655ddd40ca86a8faab8d5d52ec name: John Doe accountId: ac10e3a8-942a-1409-8194-2e4fe3090003 source: id: b33c36dbaf974200b4d91f846abc30a5 name: Contractors type: Non-Employee disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2025-01-03T22:36:20.045Z' supportsPasswordChange: false - id: 9e29df88d4c5449ea790b4c24135b85c name: $FHK300-LAAKDKHU50K3 accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true entitlementAttributes: memberOf: - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2025-01-03T22:36:36.866Z' supportsPasswordChange: true - id: 74e0cd14200943ff92b4f11fa3596eba name: John Doe accountId: John Doe source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2025-01-03T22:36:20.076Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 74e0cd14200943ff92b4f11fa3596eba accountId: John Doe appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 3 accessProfileCount: 1 entitlementCount: 1 roleCount: 1 modified: '2025-01-03T22:36:37.599Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2025-01-03T22:37:04.452Z' _type: identity type: identity _version: v2 queryTimeZone: summary: Query with timezone value: - name: Laura Peeters firstName: Laura lastName: Peeters displayName: Laura Peeters id: 0011cac38db341738af1f2ce7bb3aede email: Laura.Peeters@sailpointdemo.com created: '2024-04-04T21:36:00.385Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10673' manager: id: 88e405b1a3b8439daf2efc8f4ff0a98b name: Mia Garcia displayName: Mia Garcia isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Brussels cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: BE department: EMEA Sales displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com firstname: Laura identificationNumber: '10673' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Manager, Sales - Belgium lastname: Peeters location: EMEA uid: '10673' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 830396e8863442f1bce7b485612c8b51 name: Laura Peeters accountId: '10673' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:00.385Z' supportsPasswordChange: false - id: cd6797419f37492ba22ea991f9d6ba90 name: $SEK300-N3K0K4HOPEB6 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:38:57.434Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:42:26.787Z' supportsPasswordChange: true - id: db145fd0ec6a4e0cbc3a24bbe0758c8f name: Laura Peeters accountId: '10681' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.769Z' supportsPasswordChange: false - id: 6b75898eec394b4c98a5c3d2d9ba311b name: Laura Peeters accountId: Laura Peeters source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.809Z' supportsPasswordChange: true accountAttributes: {} accountCount: 3 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 6b75898eec394b4c98a5c3d2d9ba311b accountId: Laura Peeters appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2024-12-13T02:49:18.104Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:10:14.229Z' _type: identity type: identity _version: v2 queryInnerHit: summary: Query with innerhit value: - requestCommentsRequired: false schema: group cloudEligible: false displayName: Benefits standalone: false source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ENTITLEMENT enabled: false privileged: false name: Benefits disabled: false id: 4919721c3c1a4ca484469b85f0fd9ba1 requestable: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com cloudGoverned: false _type: access _originalType: identity _version: v2 - requestCommentsRequired: false owner: displayName: Jerry.Bennett name: Jerry.Bennett id: 278f8a1859df48d2a0adb204257b26a2 cloudEligible: false displayName: Benefits Employees standalone: false description: Access for Benefits Employees. Distribution group and File share access. source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 revocable: false type: ACCESS_PROFILE enabled: false privileged: false name: Benefits Employees disabled: false id: 7e277d102c874560becc464cdfe33a86 requestable: false cloudGoverned: false _type: access _originalType: identity _version: v2 typeAheadQuery-2: summary: Typeahead query value: - Ethan Johnson - Henry Jones - Joan.Wells - Joanna Gonzales - Joe Cook - Joe.Myers - Johan Jacobs - John Doe - John Roberts - John Smith - John.Jarndyce - John.Smithee - John.Williams - Johnny.Elliott - Jonathan.West - Jordan Wilson - Jordan.Sullivan - Jose.Reed - Joao Carvalho - Kamaria Jones - Lisa Jones - Mia Johnson - Michael Johnson - Scott Johnson typeAheadQueryNestedType: summary: Typeahead query with nestedtype value: - Active Directory - PRISM - ServiceNow - TRAKK-WS - AWS filterExists: summary: Filter with exists value: - name: Cory Henry firstName: Cory lastName: Henry displayName: Cory Henry id: 026bb65ed1f54fcd89197ca986e9acac email: Cory.Henry@sailpointdemo.com created: '2024-04-04T21:32:46.844Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10090' manager: id: 903349b85746471a9a898722206109bb name: Layla Hendricks displayName: Layla Hendricks isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Austin cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: US department: Revenue Operations displayName: Cory Henry email: Cory.Henry@sailpointdemo.com firstname: Cory identificationNumber: '10090' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Manager, System Operations lastname: Henry location: AMS uid: '10090' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df - 8ea4e957-f2f1-4cba-b202-54cc702528d1 disabled: false locked: false accounts: - id: a02142f41ad1407884da04a7bfa586d4 name: Cory Henry accountId: '10090' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:32:46.844Z' supportsPasswordChange: false - id: f30019e125c74684acee7da3f1643d2a name: $LUJ300-P3QNVHE6R7FB accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:33:34.488Z' entitlementAttributes: memberOf: - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:37:03.481Z' supportsPasswordChange: true - id: 7fe340119c5d4b00a9b85d55b18a6416 name: Cory Henry accountId: Cory Henry source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:37:03.536Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 7fe340119c5d4b00a9b85d55b18a6416 accountId: Cory Henry appCount: 5 access: - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group accessCount: 3 accessProfileCount: 1 entitlementCount: 1 roleCount: 1 modified: '2024-12-13T02:49:19.214Z' visibleSegments: - All Employees - Austin Employees visibleSegmentCount: 2 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:10:29.734Z' _type: identity type: identity _version: v2 filterRange: summary: Filter with range value: - name: Mia Garcia firstName: Mia lastName: Garcia displayName: Mia Garcia id: 88e405b1a3b8439daf2efc8f4ff0a98b email: Mia.Garcia@sailpointdemo.com created: '2024-04-04T21:33:05.522Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10142' manager: id: 624db52c764f410baca2b192caad8e58 name: Ethan Johnson displayName: Ethan Johnson isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: London cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: GB department: EMEA Sales displayName: Mia Garcia email: Mia.Garcia@sailpointdemo.com firstname: Mia identificationNumber: '10142' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Regional Director, EMEA Sales lastname: Garcia location: EMEA uid: '10142' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 9021760f10b64f42b7ebfb78085ccaff name: Mia Garcia accountId: '10142' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:33:05.522Z' supportsPasswordChange: false - id: f3ef91f3c2874e79981f2d97297660ee name: $DUJ300-H5LFRVRDLKKM accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:33:25.979Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:36:54.974Z' supportsPasswordChange: true - id: c379279cc5b9450cbb274aad31486510 name: Mia Garcia accountId: Mia Garcia source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:55.027Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: c379279cc5b9450cbb274aad31486510 accountId: Mia Garcia appCount: 5 access: - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2024-12-13T02:49:35.220Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:25:44.222Z' _type: identity type: identity _version: v2 filterTerms: summary: Filter with terms value: - name: Oliver Davies firstName: Oliver lastName: Davies displayName: Oliver Davies id: b173815fef574b74a283f39e6634c215 email: Oliver.Davies@sailpointdemo.com created: '2024-04-04T21:32:27.473Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10029' manager: id: b8c8e021a4104eda91b80bfac6a99b47 name: Jackson Brooks displayName: Jackson Brooks isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: London cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: GB department: Customer Support displayName: Oliver Davies email: Oliver.Davies@sailpointdemo.com firstname: Oliver identificationNumber: '10029' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Call Center lastname: Davies location: EMEA uid: '10029' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: c8cacc7080254b2781f56e0ded6c8dea name: $GRJ300-AQD2M7N9L7NT accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:30:25.205Z' entitlementAttributes: memberOf: - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:33:54.332Z' supportsPasswordChange: true - id: cd7f58b2290c43909320ff89427b57a1 name: Oliver Davies accountId: '10029' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:32:27.473Z' supportsPasswordChange: false - id: a1ee6cd948754371a98105a5a6dd067d name: Oliver Davies accountId: Oliver Davies source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:33:54.377Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: a1ee6cd948754371a98105a5a6dd067d accountId: Oliver Davies appCount: 5 access: - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group accessCount: 3 accessProfileCount: 1 entitlementCount: 1 roleCount: 1 modified: '2024-12-13T02:49:35.917Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:28:14.763Z' _type: identity type: identity _version: v2 metricAggregation: summary: Metricaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: metric: name: How Many Locations type: UNIQUE_COUNT field: attributes.city metricAggregation-dsl: summary: Metricaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: How Many Locations: cardinality: field: attributes.city.exact bucketAggregation: summary: Bucketaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: bucket: name: Identity Locations type: TERMS field: attributes.city bucketAggregation-dsl: summary: Bucketaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: Identity Locations: terms: field: attributes.city.exact nestedAggregation-bucketAggregation: summary: Nestedaggregation with bucketaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: nested: name: Access field: access type: TERMS bucket: name: Access Source Name type: TERMS field: access.source.name nestedAggregation-bucketAggregation-dsl: summary: Nestedaggregation with bucketaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: access: nested: path: access aggs: Access Source Name: terms: field: access.source.name.exact nestedAggregation-filterAggregation-bucketAggregation: summary: Nestedaggregation with filteraggregation and bucketaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: nested: name: Access field: access type: TERMS filter: name: Entitlements field: access.type value: ENTITLEMENT bucket: name: Access Name type: TERMS field: access.name nestedAggregation-filterAggregation-bucketAggregation-dsl: summary: Nestedaggregation with filteraggregation and bucketaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: access: nested: path: access aggs: Entitlements: filter: term: access.type: ENTITLEMENT aggs: Access Name: terms: field: access.name.exact bucketAggregation-subAggregation: summary: Bucketaggregation with subaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: bucket: name: Identity Department type: TERMS field: attributes.department subAggregation: bucket: name: Identity Locations type: TERMS field: attributes.city bucketAggregation-subAggregation-dsl: summary: Bucketaggregation with subaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: Identity Department: terms: field: attributes.department.exact aggs: Identity Locations: terms: field: attributes.city.exact accessProfile: summary: Accessprofile value: id: 13b856dd9a264206954b63ecbb57a853 name: Cloud Eng description: Cloud Eng source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory entitlements: - hasPermissions: false attribute: memberOf value: CN=Cloud Engineering,DC=sailpoint,DC=COM schema: group privileged: false id: 7372eaddd75749bd89a2e76a363eb891 name: Cloud Engineering description: Cloud Engineering entitlementCount: 1 segments: [] segmentCount: 0 apps: [] created: '2024-09-16T17:41:25Z' modified: '2024-09-16T19:30:54Z' synced: '2025-02-12T06:32:40.156Z' enabled: true requestable: true requestCommentsRequired: false owner: id: ff8081815757d36a015757d42e56031e name: SailPoint Support type: IDENTITY email: cloud-support@sailpoint.com tags: - TAG_1 - TAG_2 accountActivity: summary: Accountactivity value: id: 6f76c3add1db4ba8bbe0d42aaceb7a07 requester: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity synced: '2025-01-02T21:47:16.953Z' sources: Active Directory created: '2025-01-02T21:45:59.795Z' accountRequests: - result: status: committed accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify provisioningTarget: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com stage: Completed originalRequests: - result: status: Manual Task Created accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com expansionItems: [] approvals: - owner: name: tina.smith id: 322c6bce405a495a8e841a014b7d8410 type: Identity result: Finished attributeRequest: op: Add name: memberOf value: - CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' modified: '2025-01-02T21:47:16.903Z' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector recipient: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity action: Access Request modified: '2025-01-02T21:47:16.903Z' trackingNumber: 051d09b0bb5b453d91f658ba7f1e3171 status: Complete entitlement: summary: Entitlement value: id: 2c9180867dde18d1017de8ea1f5c130f name: Vendor Creation displayName: Vendor Creation created: '2021-12-23T20:09:57.340Z' modified: '2023-05-02T06:31:19.357Z' attribute: groups value: VC sourceSchemaObjectType: group schema: group privileged: false cloudGoverned: false hash: 22ac1f7a13c8a462c67ee74f5fcbf06a277cce50 description: Set up new AP vendors requestable: false source: id: 2c9180887de347a7017de8e75fa5570a type: SOURCE name: Finance containsDataAccess: 'false' event: summary: Event value: id: 001909ce8cc3b519436197105426b18b5fc6ca179803c0c3702e9038107bec78 stack: wps synced: '2023-06-01T22:01:38.170Z' created: '2023-06-01T22:01:37.818Z' objects: - ACCOUNT type: PROVISIONING technicalName: ACCOUNT_MODIFY_PASSED target: name: Colt.Spears actor: name: System name: Modify Account Passed action: ModifyAccount attributes: accountUuid: '{2d1ec18a-84cc-4659-bf75-a1ce4d56a9c5}' cloudAppName: Active Directory appId: 5c71ff71195b4794a0b87e7cf36fb017 sourceId: source sourceName: Active Directory accountName: CN=Colt Spears,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpoint,DC=com interface: Identity Refresh trackingNumber: 1f74901adbc0412d9fa51314195155be operation: MODIFY status: PASSED identity: summary: Identity value: id: 2c9180865c45e7e3015c46c434a80622 name: Laura Peeters firstName: Laura lastName: Peeters displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com created: '2024-04-04T21:36:00.385Z' inactive: false protected: false status: ACTIVE employeeNumber: '10673' manager: id: 88e405b1a3b8439daf2efc8f4ff0a98b name: Mia Garcia displayName: Mia Garcia isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Brussels cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: BE department: EMEA Sales displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com firstname: Laura identificationNumber: '10673' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Manager, Sales - Belgium lastname: Peeters location: EMEA uid: '10673' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 830396e8863442f1bce7b485612c8b51 name: Laura Peeters accountId: '10673' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:00.385Z' supportsPasswordChange: false - id: cd6797419f37492ba22ea991f9d6ba90 name: $SEK300-N3K0K4HOPEB6 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:38:57.434Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:42:26.787Z' supportsPasswordChange: true - id: db145fd0ec6a4e0cbc3a24bbe0758c8f name: Laura Peeters accountId: '10681' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.769Z' supportsPasswordChange: false - id: 6b75898eec394b4c98a5c3d2d9ba311b name: Laura Peeters accountId: Laura Peeters source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.809Z' supportsPasswordChange: true accountAttributes: {} accountCount: 3 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 6b75898eec394b4c98a5c3d2d9ba311b accountId: Laura Peeters appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2025-01-17T03:17:17.895Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 2 tags: - TAG_1 - TAG_2 role: summary: Role value: id: 2c91808c6faadea6016fb4f2bc69077b accessProfileCount: 1 accessProfiles: - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess created: '2023-06-01T22:00:55.311Z' description: All Sales people in the company dimensional: false enabled: true modified: '2023-06-01T22:00:55.432Z' name: SalesGlobal owner: email: admin@sailpointdemo.com id: c18630c4811c4030810afb3a14f388cf name: admin type: IDENTITY requestCommentsRequired: false requestable: true tags: - TAG_1 - TAG_2 identities-details-report-results: summary: Identities details report result. value: reportType: IDENTITIES_DETAILS taskDefName: Identities Details Report id: 1e01d272b8084c4fa12fcf8fa898102d created: '2023-09-07T42:14:05.122Z' status: SUCCESS duration: 3681 rows: 193 availableFormats: - CSV account-export-report-details: summary: Account export report value: reportType: ACCOUNTS arguments: application: 2c9180897eSourceIde781782f705b9 sourceName: Active Directory identities-details-report-details: summary: Identities details report value: reportType: IDENTITIES_DETAILS arguments: correlatedOnly: true identities-report-details: summary: Identities report value: reportType: IDENTITIES arguments: correlatedOnly: true identity-profile-identity-error-report-details: summary: Identity profile identity error report value: reportType: IDENTITY_PROFILE_IDENTITY_ERROR arguments: authoritativeSource: 2c9180847de347aa017de8ef09167792 orphan-identities-report-details: summary: Orphan identities report value: reportType: ORPHAN_IDENTITIES arguments: selectedFormats: - CSV - PDF search-export-report-details: summary: Search export report value: reportType: SEARCH_EXPORT arguments: indices: - identities query: attributes.city:London columns: displayName,firstName,lastName,email,attributes.city,created,attributes.cloudLifecycleState,access.spread sort: - +displayName uncorrelated-accounts-report-details: summary: Uncorrelated accounts report value: reportType: UNCORRELATED_ACCOUNTS arguments: selectedFormats: - CSV - PDF identities-details-report-task-result: summary: Identities details report task result. value: reportType: IDENTITIES_DETAILS taskDefName: Identities Details Report type: QUARTZ id: a248c16fe22222b2bd49615481311111 created: '2023-09-07T42:14:00.364Z' description: A detailed view of the identities in the system. parentName: Audit Report launcher: '9832285' launched: '2023-09-07T42:14:00.521Z' completed: '2023-09-07T42:14:01.137Z' messages: [] returns: [] attributes: org: an-org progress: Initializing... search-export-report-task-result: summary: Identities details report task result. value: reportType: SEARCH_EXPORT taskDefName: Search Export type: QUARTZ id: a248c16fe22222b2bd49615481311111 created: '2023-09-07T42:14:11.137Z' description: Extract query data from ElasticSearch to CSV parentName: null launcher: T05293 launched: '2020-09-07T42:14:11.137Z' completed: '2020-09-07T42:14:13.451Z' messages: [] returns: [] attributes: queryHash: 5e12cf79c67d92e23d4d8cb3e974f87d164e86d4a48d32ecf89645cacfd3f2 org: an-org queryParams: columns: displayName,firstName,lastName,email,created,attributes.cloudLifecycleState,tags,access.spread,apps.pread,accounts.spread indices: identities ownerId: 95ecba5c5444439c999aec638ce2a777 query: 700007 sort: displayName progress: Initializing... SlimDiscoveredApplications: description: List of discovered applications value: - id: 09d88a67-bae8-422c-a09b-f7a72f5ab032 name: Example App discoverySource: csv discoveredVendor: Example Vendor description: An application for managing examples. recommendedConnectors: - ConnectorA - ConnectorB discoveredAt: '2023-07-01T12:00:00Z' createdAt: '2024-06-01T12:00:00Z' status: ACTIVE - id: 59310a1e-0d8f-42fa-95aa-b82b263de7f6 name: Sample Tracker discoverySource: Okta SaaS discoveredVendor: Sample Vendor description: A tool for monitoring and managing samples. recommendedConnectors: - ConnectorC - ConnectorD discoveredAt: '2023-08-15T08:00:00Z' createdAt: '2024-05-20T08:00:00Z' status: ACTIVE - id: dfe675cb-f689-475f-99f1-49e348449867 name: Demo Manager discoverySource: Okta SaaS discoveredVendor: Demo Provider description: Software to demonstrate basic functionalities. recommendedConnectors: - ConnectorE - ConnectorF discoveredAt: '2023-09-10T15:00:00Z' createdAt: '2024-07-03T15:00:00Z' status: ACTIVE FullDiscoveredApplications: description: List of discovered applications with their respective associated sources value: - id: 6f672248-2dac-4cf5-9531-fca0719cbb4a name: Example App discoverySource: csv discoveredVendor: Example Vendor description: An application for managing examples. recommendedConnectors: - ConnectorA - ConnectorB discoveredAt: '2023-07-01T12:00:00Z' createdAt: '2024-06-01T12:00:00Z' status: ACTIVE associatedSources: - e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 - id: b3a3a704-6a45-45ee-a501-bbc332388222 name: Sample Tracker discoverySource: Okta SaaS discoveredVendor: Sample Vendor description: A tool for monitoring and managing samples. recommendedConnectors: - ConnectorC - ConnectorD discoveredAt: '2023-08-15T08:00:00Z' createdAt: '2024-05-20T08:00:00Z' status: ACTIVE associatedSources: - a3b159f2-5f09-43c9-b40e-a6f317aa5b8f - e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 - id: 1d070458-faed-4a6c-8990-918ad70a06ee name: Demo Manager discoverySource: Okta SaaS discoveredVendor: Demo Provider description: Software to demonstrate basic functionalities. recommendedConnectors: - ConnectorE - ConnectorF discoveredAt: '2023-09-10T15:00:00Z' createdAt: '2024-07-03T15:00:00Z' status: ACTIVE associatedSources: - 4e2d7605-833f-4c34-8d03-5b2c7d2f4f66 - f9b7e2ce-aced-4117-a95f-4ffad8b33989 - a3b159f2-5f09-43c9-b40e-a6f317aa5b8f - id: 9be7c5a5-9f37-46ba-965a-e5b9453472c6 name: Task Organizer discoverySource: Manual Entry discoveredVendor: Organizer Solutions description: An application designed to help teams manage tasks and projects efficiently. recommendedConnectors: - ConnectorG - ConnectorH discoveredAt: '2023-10-05T14:00:00Z' createdAt: '2024-08-01T14:00:00Z' status: ACTIVE associatedSources: []