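# OpenAPI 3.0 description of the IdentityIQ SCIM v2 REST interface.
openapi: 3.0.3
info:
  description: |
    IdentityIQ REST Endpoint Interface Documentation for SCIM
  version: '8.3'
  title: IdentityIQ SCIM REST API
servers:
  # Example base path only: plain http on localhost. HTTP Basic (see `security`
  # below) sends credentials merely base64-encoded, so a real deployment should
  # publish an https URL here.
  - url: 'http://localhost:8080/identityiq/scim/v2'
    description: IdentityIQ SCIM server basepath and path to API.
tags:
  - name: Accounts
  - name: Alerts
    # This text describes the Alert object but was attached to the
    # Applications tag; it now sits on the tag it documents.
    description: 'Alert object, a generic real time event processing object.'
  - name: Applications
  - name: Checked Policy Violations
  - name: Entitlements
  - name: LaunchedWorkflows
  - name: ObjectConfig
  - name: PolicyViolations
  - name: ResourceTypes
  - name: Roles
  - name: Schemas
  - name: ServiceProviderConfig
  - name: TaskResults
  - name: Users
  - name: Workflows
security:
  # Default requirement for every operation that does not override it. The
  # basicAuth scheme must be declared under components.securitySchemes, which
  # is not visible in this part of the file.
  - basicAuth: []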
paths:
/Accounts:
get:
# List operation: metadata and the SCIM query parameters it accepts.
operationId: getAccounts
tags:
  - Accounts
summary: Returns all Account resources.
description: This endpoint returns all Account resources.
parameters:
  # filter and sortBy are free-form strings; this spec declares no pattern or
  # length limit for them.
  - in: query
    name: filter
    schema:
      type: string
      example: 'application.value eq "7f000001804444fe818051b44414444c" and displayName sw "G"'
    description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
  - in: query
    name: sortBy
    schema:
      type: string
      example: displayName
    description: Allows sorting the results by a resource's attributes.
  - in: query
    name: sortOrder
    schema:
      type: string
      example: descending
      default: ascending
    description: Determines what order to sort results in.
  # Paging controls.
  - in: query
    name: startIndex
    schema:
      type: integer
      example: 2313
      default: 1
    description: Determines the starting index of the result set.
  # NOTE(review): no maximum is declared for count; confirm whether the server
  # caps the page size.
  - in: query
    name: count
    schema:
      type: integer
      example: 10
      default: 1000
    description: Specifies the number of results per page.
  # Attribute projection.
  - in: query
    name: attributes
    schema:
      type: string
      example: 'displayName,active'
    description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
  - in: query
    name: excludedAttributes
    schema:
      type: string
      example: 'displayName,active'
    description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
responses:
'200':
description: Returns all Account resources.
content:
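# ListResponse envelope for the application/json representation.
application/json:
  schema:
    properties:
      totalResults:
        description: Number of Account resources returned
        type: integer
        # Was the string '18,' (stray quotes and comma); an integer schema
        # needs an integer example.
        example: 18
      startIndex:
        description: The starting index of the resource set list. Can be specified with startIndex query parameter.
        type: integer
        example: 1
      schemas:
        description: SCIM Schema used for response.
        type: array
        items:
          type: string
        example:
          - 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
      Resources:
        type: array
        items:
          # One Account resource per list entry.
          properties:
            id:
              description: IdentityIQ id of the Account.
              type: string
              example: 'c0b4568a4fe7458c434ee77d1fbt156b'
            identity:
              description: The corresponding User object of the Account.
              properties:
                userName:
                  description: The identity name of the Account User.
                  type: string
                  example: Barbara.Jensen
                displayName:
                  description: The displayable name of the Account User.
                  type: string
                  example: Barbara Jensen
                value:
                  description: IdentityIQ identifier for the Account User.
                  type: string
                  example: 'c0a7778b7ef71e79817ee74e6a1f0444'
                ref:
                  description: The URI of the SCIM resource representing the Account User.
                  type: string
                  example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
            application:
              description: The corresponding Application object of the Account.
              properties:
                displayName:
                  description: The displayable name of the Account Application.
                  type: string
                  example: Mock Application1
                value:
                  description: IdentityIQ identifier for the Account Application.
                  type: string
                  example: 'c0a7778b7ef71e79817ee74e6a1f0444'
                ref:
                  description: The URI of the SCIM resource representing the Account Application.
                  type: string
                  example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
            nativeIdentity:
              description: The Account unique identifier associated with the native application. This field is immutable.
              type: string
              example: a1b2c3
            displayName:
              description: 'The name of the Account, suitable for display to end-users.'
              type: string
              example: Barbara Jensen
            instance:
              description: The instance identifier of the Account. This field is immutable.
              type: string
              example: null
            uuid:
              description: The UUID of the Account.
              type: string
              example: '{f99999ff-f000-444b-b6ae-4443dd6cd6ed}'
            # Application-specific extension; its shape is left open
            # (additionalProperties: true).
            'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
              description: >-
                Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
                Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
              type: object
              additionalProperties: true
            active:
              description: Flag to indicate this account is enabled or disabled.
              type: boolean
              example: true
            locked:
              description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
              type: boolean
              example: true
            manuallyCorrelated:
              description: Flag to indicate this account has been manually correlated in the UI.
              type: boolean
              example: true
            hasEntitlements:
              description: Flag to indicate this account has one or more entitlement attributes.
              type: boolean
              example: true
            lastRefresh:
              description: Datetime representation of the last refresh for this Account.
              type: string
              format: date-time
            lastTargetAggregation:
              description: Datetime representation of last targeted aggregation for the Account.
              type: string
              format: date-time
            meta:
              description: Metadata of the SCIM resource.
              properties:
                created:
                  description: Datetime this resource was created.
                  type: string
                  format: date-time
                  example: '2022-02-11T01:34:04.074-05:00'
                location:
                  description: The location of the resource.
                  type: string
                  example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0b4568a4fe7458c434ee77d1fbt156b'
                lastModified:
                  description: Datetime the resource was last modified.
                  type: string
                  format: date-time
                  example: '2022-02-11T01:08:45.866-05:00'
                version:
                  description: The version of the SCIM resource.
                  type: string
                  # NOTE(review): weak ETags are normally written W/"..."; confirm
                  # the server really omits the slash.
                  example: W"1644561244074"
                resourceType:
                  description: The resource type.
                  type: string
                  example: Account
            schemas:
              description: The schemas involved in the SCIM resource.
              type: array
              items:
                type: string
              example:
                - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Account'
                - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Mock Application:account'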
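# ListResponse envelope for the application/scim+json representation.
application/scim+json:
  schema:
    properties:
      totalResults:
        description: Number of Account resources returned.
        type: integer
        # Was the string '1500,' (stray quotes and comma); an integer schema
        # needs an integer example.
        example: 1500
      startIndex:
        description: The starting index of the resource set list. Can be specified with startIndex query parameter.
        type: integer
        example: 1
      schemas:
        description: SCIM Schema used for response.
        type: array
        items:
          type: string
        example:
          - 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
      Resources:
        description: The SCIM resources returned for this endpoint.
        type: array
        items:
          # One Account resource per list entry.
          properties:
            id:
              description: IdentityIQ id of the Account.
              type: string
              example: 'c0b4568a4fe7458c434ee77d1fbt156b'
            identity:
              description: The corresponding User object of the Account.
              properties:
                userName:
                  description: The identity name of the Account User.
                  type: string
                  example: Barbara.Jensen
                displayName:
                  description: The displayable name of the Account User.
                  type: string
                  example: Barbara Jensen
                value:
                  description: IdentityIQ identifier for the Account User.
                  type: string
                  example: 'c0a7778b7ef71e79817ee74e6a1f0444'
                ref:
                  description: The URI of the SCIM resource representing the Account User.
                  type: string
                  example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
            application:
              description: The corresponding Application object of the Account.
              properties:
                displayName:
                  description: The displayable name of the Account Application.
                  type: string
                  example: Mock Application1
                value:
                  description: IdentityIQ identifier for the Account Application.
                  type: string
                  example: 'c0a7778b7ef71e79817ee74e6a1f0444'
                ref:
                  description: The URI of the SCIM resource representing the Account Application.
                  type: string
                  example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
            nativeIdentity:
              description: The Account unique identifier associated with the native application. This field is immutable.
              type: string
              example: a1b2c3
            displayName:
              description: 'The name of the Account, suitable for display to end-users.'
              type: string
              example: Barbara Jensen
            instance:
              description: The instance identifier of the Account. This field is immutable.
              type: string
              example: null
            uuid:
              description: The UUID of the Account.
              type: string
              example: '{f99999ff-f000-444b-b6ae-4443dd6cd6ed}'
            # Application-specific extension; its shape is left open
            # (additionalProperties: true).
            'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
              description: >-
                Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
                Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
              type: object
              additionalProperties: true
            active:
              description: Flag to indicate this account is enabled or disabled.
              type: boolean
              example: true
            locked:
              description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
              type: boolean
              example: true
            manuallyCorrelated:
              description: Flag to indicate this account has been manually correlated in the UI.
              type: boolean
              example: true
            hasEntitlements:
              description: Flag to indicate this account has one or more entitlement attributes.
              type: boolean
              example: true
            lastRefresh:
              description: Datetime representation of the last refresh for this Account.
              type: string
              format: date-time
            lastTargetAggregation:
              description: Datetime representation of last targeted aggregation for the Account.
              type: string
              format: date-time
            meta:
              description: Metadata of the SCIM resource.
              properties:
                created:
                  description: Datetime this resource was created.
                  type: string
                  format: date-time
                  example: '2022-02-11T01:34:04.074-05:00'
                location:
                  description: The location of the resource.
                  type: string
                  example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0b4568a4fe7458c434ee77d1fbt156b'
                lastModified:
                  description: Datetime the resource was last modified.
                  type: string
                  format: date-time
                  example: '2022-02-11T01:08:45.866-05:00'
                version:
                  description: The version of the SCIM resource.
                  type: string
                  # NOTE(review): weak ETags are normally written W/"..."; confirm
                  # the server really omits the slash.
                  example: W"1644561244074"
                resourceType:
                  description: The resource type.
                  type: string
                  example: Account
            schemas:
              description: The schemas involved in the SCIM resource.
              type: array
              items:
                type: string
              example:
                - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Account'
                - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Mock Application:account'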
post:
# Create operation: metadata and the response-projection query parameters.
operationId: createAccount
tags:
  - Accounts
summary: Creates an Account.
description: The endpoint used to create an Account resource. The required payload fields can differ drastically depending on the Application.
parameters:
  # attributes wins over excludedAttributes when both name the same attribute.
  - in: query
    name: attributes
    schema:
      type: string
      example: 'displayName,active'
    description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
  - in: query
    name: excludedAttributes
    schema:
      type: string
      example: 'displayName,active'
    description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
requestBody:
required: true
content:
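# Account-creation payload sent as application/scim+json.
application/scim+json:
  schema:
    properties:
      identity:
        required:
          - value
        description: The corresponding User object of the Account.
        properties:
          userName:
            description: The identity name of the Account User.
            type: string
            example: Barbara.Jensen
          displayName:
            description: The displayable name of the Account User.
            type: string
            example: Barbara Jensen
          value:
            description: IdentityIQ identifier for the Account User.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account User.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
      application:
        required:
          - value
        description: The corresponding Application object of the Account.
        properties:
          displayName:
            description: The displayable name of the Account Application.
            type: string
            example: Mock Application1
          value:
            description: IdentityIQ identifier for the Account Application.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account Application.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
      nativeIdentity:
        description: The Account unique identifier associated with the native application. This field is immutable.
        type: string
        example: a1b2c3
      displayName:
        description: 'The name of the Account, suitable for display to end-users.'
        type: string
        example: Barbara Jensen
      instance:
        description: The instance identifier of the Account. This field is immutable.
        type: string
        example: mockInstance
      # The description already promises write-only behaviour; writeOnly makes
      # that machine-readable and format: password lets documentation UIs mask
      # the input. The example value is a placeholder, not a credential.
      password:
        description: 'The password of the Account, used in creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      currentPassword:
        description: 'The current password of the Account, used in creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      # Application-specific extension; its shape is left open
      # (additionalProperties: true), so it cannot be validated from this spec.
      'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
        description: >-
          Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
          Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
        type: object
        additionalProperties: true
      active:
        description: Flag to indicate this account is enabled or disabled.
        type: boolean
        example: true
      locked:
        description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
        type: boolean
        example: true
    required:
      - identity
      - application
      - nativeIdentity
      - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account'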
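# Wildcard entry: documents the same creation payload for any Content-Type.
# NOTE(review): confirm the server really accepts non-SCIM media types for
# account creation; if it does not, this entry should be dropped so clients
# always send application/scim+json.
'*/*':
  schema:
    properties:
      identity:
        required:
          - value
        description: The corresponding User object of the Account.
        properties:
          userName:
            description: The identity name of the Account User.
            type: string
            example: Barbara.Jensen
          displayName:
            description: The displayable name of the Account User.
            type: string
            example: Barbara Jensen
          value:
            description: IdentityIQ identifier for the Account User.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account User.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
      application:
        required:
          - value
        description: The corresponding Application object of the Account.
        properties:
          displayName:
            description: The displayable name of the Account Application.
            type: string
            example: Mock Application1
          value:
            description: IdentityIQ identifier for the Account Application.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account Application.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
      nativeIdentity:
        description: The Account unique identifier associated with the native application. This field is immutable.
        type: string
        example: a1b2c3
      displayName:
        description: 'The name of the Account, suitable for display to end-users.'
        type: string
        example: Barbara Jensen
      instance:
        description: The instance identifier of the Account. This field is immutable.
        type: string
        example: mockInstance
      # The description already promises write-only behaviour; writeOnly makes
      # that machine-readable and format: password lets documentation UIs mask
      # the input. The example value is a placeholder, not a credential.
      password:
        description: 'The password of the Account, used in creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      currentPassword:
        description: 'The current password of the Account, used in creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      # Application-specific extension; its shape is left open
      # (additionalProperties: true), so it cannot be validated from this spec.
      'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
        description: >-
          Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
          Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
        type: object
        additionalProperties: true
      active:
        description: Flag to indicate this account is enabled or disabled.
        type: boolean
        example: true
      locked:
        description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
        type: boolean
        example: true
    required:
      - identity
      - application
      - nativeIdentity
      - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account'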
responses:
'201':
description: Creates an Account and returns the resultant Account.
content:
# Account resource returned after creation. No password attribute is listed
# in this response schema.
application/json:
  schema:
    properties:
      id:
        description: IdentityIQ id of the Account.
        type: string
        example: 'c0b4568a4fe7458c434ee77d1fbt156b'
      identity:
        description: The corresponding User object of the Account.
        properties:
          userName:
            description: The identity name of the Account User.
            type: string
            example: Barbara.Jensen
          displayName:
            description: The displayable name of the Account User.
            type: string
            example: Barbara Jensen
          value:
            description: IdentityIQ identifier for the Account User.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account User.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
      application:
        description: The corresponding Application object of the Account.
        properties:
          displayName:
            description: The displayable name of the Account Application.
            type: string
            example: Mock Application1
          value:
            description: IdentityIQ identifier for the Account Application.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account Application.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
      nativeIdentity:
        description: The Account unique identifier associated with the native application. This field is immutable.
        type: string
        example: a1b2c3
      displayName:
        description: 'The name of the Account, suitable for display to end-users.'
        type: string
        example: Barbara Jensen
      instance:
        description: The instance identifier of the Account. This field is immutable.
        type: string
        example: null
      uuid:
        description: The UUID of the Account.
        type: string
        example: '{f99999ff-f000-444b-b6ae-4443dd6cd6ed}'
      # Application-specific extension; its shape is left open
      # (additionalProperties: true).
      'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
        description: >-
          Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
          Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
        type: object
        additionalProperties: true
      active:
        description: Flag to indicate this account is enabled or disabled.
        type: boolean
        example: true
      locked:
        description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
        type: boolean
        example: true
      manuallyCorrelated:
        description: Flag to indicate this account has been manually correlated in the UI.
        type: boolean
        example: true
      hasEntitlements:
        description: Flag to indicate this account has one or more entitlement attributes.
        type: boolean
        example: true
      lastRefresh:
        description: Datetime representation of the last refresh for this Account.
        type: string
        format: date-time
      lastTargetAggregation:
        description: Datetime representation of last targeted aggregation for the Account.
        type: string
        format: date-time
      meta:
        description: Metadata of the SCIM resource.
        properties:
          created:
            description: Datetime this resource was created.
            type: string
            format: date-time
            example: '2022-02-11T01:34:04.074-05:00'
          location:
            description: The location of the resource.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0b4568a4fe7458c434ee77d1fbt156b'
          lastModified:
            description: Datetime the resource was last modified.
            type: string
            format: date-time
            example: '2022-02-11T01:08:45.866-05:00'
          version:
            description: The version of the SCIM resource.
            type: string
            # NOTE(review): weak ETags are normally written W/"..."; confirm
            # the server really omits the slash.
            example: W"1644561244074"
          resourceType:
            description: The resource type.
            type: string
            example: Account
      schemas:
        description: The schemas involved in the SCIM resource.
        type: array
        items:
          type: string
        example:
          - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Account'
          - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Mock Application:account'
'/Accounts/{accountId}':
get:
# Read-by-id operation: metadata, the path id and the projection parameters.
operationId: getAccountById
tags:
  - Accounts
summary: Returns an Account resource based on id.
description: The Account resource with matching id is returned.
parameters:
  # Caller-chosen identifier; the spec declares no pattern for it.
  - name: accountId
    in: path
    schema:
      type: string
      example: 'c7c7777c7ef77e77777ee77e7a1f0444'
    description: The id of the Account.
    required: true
  # attributes wins over excludedAttributes when both name the same attribute.
  - in: query
    name: attributes
    schema:
      type: string
      example: 'displayName,active'
    description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
  - in: query
    name: excludedAttributes
    schema:
      type: string
      example: 'displayName,active'
    description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
responses:
'200':
description: Returns a single Account resource based on the id.
content:
# Single Account resource, application/json representation.
application/json:
  schema:
    properties:
      id:
        description: IdentityIQ id of the Account.
        type: string
        example: 'c0b4568a4fe7458c434ee77d1fbt156b'
      identity:
        description: The corresponding User object of the Account.
        properties:
          userName:
            description: The identity name of the Account User.
            type: string
            example: Barbara.Jensen
          displayName:
            description: The displayable name of the Account User.
            type: string
            example: Barbara Jensen
          value:
            description: IdentityIQ identifier for the Account User.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account User.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
      application:
        description: The corresponding Application object of the Account.
        properties:
          displayName:
            description: The displayable name of the Account Application.
            type: string
            example: Mock Application1
          value:
            description: IdentityIQ identifier for the Account Application.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account Application.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
      nativeIdentity:
        description: The Account unique identifier associated with the native application. This field is immutable.
        type: string
        example: a1b2c3
      displayName:
        description: 'The name of the Account, suitable for display to end-users.'
        type: string
        example: Barbara Jensen
      instance:
        description: The instance identifier of the Account. This field is immutable.
        type: string
        example: null
      uuid:
        description: The UUID of the Account.
        type: string
        example: '{f99999ff-f000-444b-b6ae-4443dd6cd6ed}'
      # Application-specific extension; its shape is left open
      # (additionalProperties: true).
      'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
        description: >-
          Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
          Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
        type: object
        additionalProperties: true
      active:
        description: Flag to indicate this account is enabled or disabled.
        type: boolean
        example: true
      locked:
        description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
        type: boolean
        example: true
      manuallyCorrelated:
        description: Flag to indicate this account has been manually correlated in the UI.
        type: boolean
        example: true
      hasEntitlements:
        description: Flag to indicate this account has one or more entitlement attributes.
        type: boolean
        example: true
      lastRefresh:
        description: Datetime representation of the last refresh for this Account.
        type: string
        format: date-time
      lastTargetAggregation:
        description: Datetime representation of last targeted aggregation for the Account.
        type: string
        format: date-time
      meta:
        description: Metadata of the SCIM resource.
        properties:
          created:
            description: Datetime this resource was created.
            type: string
            format: date-time
            example: '2022-02-11T01:34:04.074-05:00'
          location:
            description: The location of the resource.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0b4568a4fe7458c434ee77d1fbt156b'
          lastModified:
            description: Datetime the resource was last modified.
            type: string
            format: date-time
            example: '2022-02-11T01:08:45.866-05:00'
          version:
            description: The version of the SCIM resource.
            type: string
            # NOTE(review): weak ETags are normally written W/"..."; confirm
            # the server really omits the slash.
            example: W"1644561244074"
          resourceType:
            description: The resource type.
            type: string
            example: Account
      schemas:
        description: The schemas involved in the SCIM resource.
        type: array
        items:
          type: string
        example:
          - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Account'
          - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Mock Application:account'
# Single Account resource, application/scim+json representation.
application/scim+json:
  schema:
    properties:
      id:
        description: IdentityIQ id of the Account.
        type: string
        example: 'c0b4568a4fe7458c434ee77d1fbt156b'
      identity:
        description: The corresponding User object of the Account.
        properties:
          userName:
            description: The identity name of the Account User.
            type: string
            example: Barbara.Jensen
          displayName:
            description: The displayable name of the Account User.
            type: string
            example: Barbara Jensen
          value:
            description: IdentityIQ identifier for the Account User.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account User.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
      application:
        description: The corresponding Application object of the Account.
        properties:
          displayName:
            description: The displayable name of the Account Application.
            type: string
            example: Mock Application1
          value:
            description: IdentityIQ identifier for the Account Application.
            type: string
            example: 'c0a7778b7ef71e79817ee74e6a1f0444'
          ref:
            description: The URI of the SCIM resource representing the Account Application.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
      nativeIdentity:
        description: The Account unique identifier associated with the native application. This field is immutable.
        type: string
        example: a1b2c3
      displayName:
        description: 'The name of the Account, suitable for display to end-users.'
        type: string
        example: Barbara Jensen
      instance:
        description: The instance identifier of the Account. This field is immutable.
        type: string
        example: null
      uuid:
        description: The UUID of the Account.
        type: string
        example: '{f99999ff-f000-444b-b6ae-4443dd6cd6ed}'
      # Application-specific extension; its shape is left open
      # (additionalProperties: true).
      'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
        description: >-
          Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
          Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
        type: object
        additionalProperties: true
      active:
        description: Flag to indicate this account is enabled or disabled.
        type: boolean
        example: true
      locked:
        description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
        type: boolean
        example: true
      manuallyCorrelated:
        description: Flag to indicate this account has been manually correlated in the UI.
        type: boolean
        example: true
      hasEntitlements:
        description: Flag to indicate this account has one or more entitlement attributes.
        type: boolean
        example: true
      lastRefresh:
        description: Datetime representation of the last refresh for this Account.
        type: string
        format: date-time
      lastTargetAggregation:
        description: Datetime representation of last targeted aggregation for the Account.
        type: string
        format: date-time
      meta:
        description: Metadata of the SCIM resource.
        properties:
          created:
            description: Datetime this resource was created.
            type: string
            format: date-time
            example: '2022-02-11T01:34:04.074-05:00'
          location:
            description: The location of the resource.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0b4568a4fe7458c434ee77d1fbt156b'
          lastModified:
            description: Datetime the resource was last modified.
            type: string
            format: date-time
            example: '2022-02-11T01:08:45.866-05:00'
          version:
            description: The version of the SCIM resource.
            type: string
            # NOTE(review): weak ETags are normally written W/"..."; confirm
            # the server really omits the slash.
            example: W"1644561244074"
          resourceType:
            description: The resource type.
            type: string
            example: Account
      schemas:
        description: The schemas involved in the SCIM resource.
        type: array
        items:
          type: string
        example:
          - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Account'
          - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Mock Application:account'
put:
# Update operation: metadata, the path id and the projection parameters.
operationId: updateAccount
tags:
  - Accounts
summary: Updates an existing Account.
description: The endpoint used to update an Account resource. The required payload fields depend on the corresponding Application.
parameters:
  # Caller-chosen identifier; the spec declares no pattern for it.
  - name: accountId
    in: path
    schema:
      type: string
      example: 'c7c7777c7ef77e77777ee77e7a1f0444'
    description: The id of the Account.
    required: true
  # attributes wins over excludedAttributes when both name the same attribute.
  - in: query
    name: attributes
    schema:
      type: string
      example: 'displayName,active'
    description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
  - in: query
    name: excludedAttributes
    schema:
      type: string
      example: 'displayName,active'
    description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
requestBody:
required: true
content:
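# Request payload for updateAccount when sent as application/scim+json.
# The Account is linked to its User (identity) and Application by their
# IdentityIQ identifiers; the application-specific attributes travel in the
# schema-extension object named after the Application.
application/scim+json:
  schema:
    type: object
    properties:
      identity:
        type: object
        required:
          - value
        description: The corresponding User object of the Account.
        properties:
          userName:
            description: The identity name of the Account User.
            type: string
            example: Barbara.Jensen
          displayName:
            description: The displayable name of the Account User.
            type: string
            example: Barbara Jensen
          value:
            description: IdentityIQ identifier for the Account User.
            type: string
            example: c0a7778b7ef71e79817ee74e6a1f0444
          ref:
            description: The URI of the SCIM resource representing the Account User.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
      application:
        type: object
        required:
          - value
        description: The corresponding Application object of the Account.
        properties:
          displayName:
            description: The displayable name of the Account Application.
            type: string
            example: Mock Application1
          value:
            description: IdentityIQ identifier for the Account Application.
            type: string
            example: c0a7778b7ef71e79817ee74e6a1f0444
          ref:
            description: The URI of the SCIM resource representing the Account Application.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
      nativeIdentity:
        description: The Account unique identifier associated with the native application. This field is immutable.
        type: string
        example: a1b2c3
      displayName:
        description: 'The name of the Account, suitable for display to end-users.'
        type: string
        example: Barbara Jensen
      instance:
        description: The instance identifier of the Account. This field is immutable.
        type: string
        example: mockInstance
      # The credential fields are described as write-only, so the schema says
      # so explicitly: writeOnly keeps them out of response models and
      # format: password lets documentation UIs and generated clients mask
      # the value.
      password:
        description: 'The password of the Account, used when creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      currentPassword:
        description: 'The current password of the Account, used when creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
        description: >-
          Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
          Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
        type: object
        additionalProperties: true
      active:
        description: Flag to indicate this account is enabled or disabled.
        type: boolean
        example: true
      locked:
        description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but it cannot be locked by changing the value from false to true.'
        type: boolean
        example: true
    required:
      - identity
      - application
      - nativeIdentity
      # NOTE(review): this entry names the placeholder key literally, while a
      # real payload carries the actual Application name in its place; a
      # strict validator would presumably reject such a payload - confirm.
      - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account'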
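# Request payload for updateAccount under the wildcard media type; the schema
# mirrors the application/scim+json payload.
# NOTE(review): '*/*' documents this credential-bearing update as accepting
# any Content-Type. If the server only parses SCIM/JSON bodies, listing just
# the supported media types keeps generated clients and gateway validation
# strict - confirm the server's behaviour before narrowing it.
'*/*':
  schema:
    type: object
    properties:
      identity:
        type: object
        required:
          - value
        description: The corresponding User object of the Account.
        properties:
          userName:
            description: The identity name of the Account User.
            type: string
            example: Barbara.Jensen
          displayName:
            description: The displayable name of the Account User.
            type: string
            example: Barbara Jensen
          value:
            description: IdentityIQ identifier for the Account User.
            type: string
            example: c0a7778b7ef71e79817ee74e6a1f0444
          ref:
            description: The URI of the SCIM resource representing the Account User.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
      application:
        type: object
        required:
          - value
        description: The corresponding Application object of the Account.
        properties:
          displayName:
            description: The displayable name of the Account Application.
            type: string
            example: Mock Application1
          value:
            description: IdentityIQ identifier for the Account Application.
            type: string
            example: c0a7778b7ef71e79817ee74e6a1f0444
          ref:
            description: The URI of the SCIM resource representing the Account Application.
            type: string
            example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
      nativeIdentity:
        description: The Account unique identifier associated with the native application. This field is immutable.
        type: string
        example: a1b2c3
      displayName:
        description: 'The name of the Account, suitable for display to end-users.'
        type: string
        example: Barbara Jensen
      instance:
        description: The instance identifier of the Account. This field is immutable.
        type: string
        example: mockInstance
      # The credential fields are described as write-only, so the schema says
      # so explicitly: writeOnly keeps them out of response models and
      # format: password lets documentation UIs and generated clients mask
      # the value.
      password:
        description: 'The password of the Account, used when creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      currentPassword:
        description: 'The current password of the Account, used when creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
        type: string
        format: password
        writeOnly: true
        example: useStrongPwd123!
      'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
        description: >-
          Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
          Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}
        type: object
        additionalProperties: true
      active:
        description: Flag to indicate this account is enabled or disabled.
        type: boolean
        example: true
      locked:
        description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but it cannot be locked by changing the value from false to true.'
        type: boolean
        example: true
    required:
      - identity
      - application
      - nativeIdentity
      # NOTE(review): this entry names the placeholder key literally, while a
      # real payload carries the actual Application name in its place; a
      # strict validator would presumably reject such a payload - confirm.
      - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account'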
responses:
'200':
description: Updates an existing Account and returns that Account.
content:
application/json:
schema:
properties:
id:
description: IdentityIQ id of the Account.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
identity:
description: The corresponding User object of the Account.
properties:
userName:
description: The identity name of the Account User.
type: string
example: Barbara.Jensen
displayName:
description: The displayable name of the Account User.
type: string
example: Barbara Jensen
value:
description: IdentityIQ identifier for the Account User.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
ref:
description: The URI of the SCIM resource representing the Account User.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
application:
description: The corresponding Application object of the Account.
properties:
displayName:
description: The displayable name of the Account Application.
type: string
example: Mock Application1
value:
description: IdentityIQ identifier for the Account Application.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
ref:
description: The URI of the SCIM resource representing the Account Application.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
nativeIdentity:
description: The Account unique identifier associated with the native application. This field is immutable.
type: string
example: a1b2c3
displayName:
description: 'The name of the Account, suitable for display to end-users.'
type: string
example: Barbara Jensen
instance:
description: The instance identifier of the Account. This field is immutable.
type: string
example: null
uuid:
description: The UUID of the Account.
type: string
example: '{f99999ff-f000-444b-b6ae-4443dd6cd6ed}'
'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
description: 'Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}'
type: object
additionalProperties: true
active:
description: Flag to indicate this account is enabled or disabled.
type: boolean
example: true
locked:
description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but it cannot be locked by changing the value from false to true.'
type: boolean
example: true
manuallyCorrelated:
description: Flag to indicate this account has been manually correlated in the UI.
type: boolean
example: true
hasEntitlements:
description: Flag to indicate this account has one or more entitlement attributes.
type: boolean
example: true
lastRefresh:
description: Datetime representation of the last refresh for this Account.
type: string
format: date-time
lastTargetAggregation:
description: Datetime representation of last targeted aggregation for the Account.
type: string
format: date-time
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the SCIM resource.
type: string
example: W"1644561244074"
resourceType:
description: The resource type.
type: string
example: Account
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Account'
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Mock Application:account'
# Delete operation for a single Account, addressed by the accountId path
# parameter.
# NOTE(review): the description marks this as irreversible, and only the 204
# success response is documented. Failure responses (for example for a caller
# that is not authorized, or for an id that does not exist) are not described
# here - confirm the server's behaviour and document them.
delete:
operationId: deleteAccount
tags:
- Accounts
summary: Deletes an existing Account.
description: The endpoint used to delete an Account resource. **This is not reversible.**
parameters:
- name: accountId
in: path
schema:
type: string
example: c7c7777c7ef77e77777ee77e7a1f0444
description: The id of the Account.
required: true
responses:
'204':
description: Returns a 204 with no response body if delete was successful.
/Alerts:
get:
operationId: getAlerts
tags:
- Alerts
summary: Returns all Alert resources.
description: |
This endpoint returns all Alert resources.
Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schemas related to Alerts are:
- **urn:ietf:params:scim:schemas:core:1.0:Alert**
- **urn:ietf:params:scim:schemas:core:1.0:AlertInput**
parameters:
- in: query
name: filter
schema:
type: string
example: name eq "0000000001"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: lookupByName
schema:
type: boolean
default: false
example: true
description: Set to true if the Alert name is passed instead of the Alert id.
- in: query
name: sortBy
schema:
type: string
example: name
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
default: ascending
example: descending
description: Determines what order to sort results in.
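# Paging controls for the Alert list. The examples are written as integers so
# that they agree with the declared schema type (they were quoted strings).
- in: query
  name: startIndex
  schema:
    type: integer
    example: 10
    default: 1
  description: Determines the starting index of the result set.
- in: query
  name: count
  schema:
    type: integer
    example: 10
    default: 1000
  # NOTE(review): no maximum is declared for the page size; confirm that the
  # server enforces an upper bound on count.
  description: Specifies the number of results per page.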
- in: query
name: attributes
schema:
type: string
example: name
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'name, application'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returned all SCIM resources for this endpoint.
content:
application/json:
schema:
properties:
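# Count reported in the list response.
totalResults:
  description: Number of resources returned for this endpoint.
  type: integer
  # Integer example to match the declared type (was the string '1,').
  example: 1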
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: Unique identifier of the Alert.
type: string
example: c0a8019c7fe11678817fe18984351477
name:
description: 'Name of the Alert, auto-generated by the SCIM Server.'
type: string
example: '0000000001'
displayName:
description: Display name of the Alert.
type: string
example: Hello World!
type:
description: Type of the Alert.
type: string
example: Permission
attributes:
description: A list of attributes of the Alert.
type: array
items:
properties:
value:
description: The attribute value.
type: string
example: Grackle5.Test.Sailpoint.com
key:
description: The attribute key.
type: string
example: bamName
application:
description: The corresponding Application object of the Alert.
type: object
properties:
value:
description: The Application associated with the Alert.
type: string
example: Active_Directory
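# Link to the Application resource. The example is a URI string, so the
# property is typed as a string, matching the createAlert request schema.
# NOTE(review): some OpenAPI tooling treats any key named $ref as a JSON
# Reference, even under properties - verify the spec renders as intended.
$ref:
  description: The URI of the SCIM resource representing the Alert application.
  type: string
  example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'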
displayName:
description: The name of the Alert Application.
type: string
example: Active_Directory
actions:
description: Not empty if action was taken on the Alert.
type: array
items:
properties:
type:
description: The type of action performed as a result of the Alert.
type: string
enum:
- WORKFLOW
- CERTIFICATION
- NOTIFICATION
example: WORKFLOW
alertDefinitionName:
description: The name of the Alert Definition that triggered the action.
type: string
example: lowSeverityAlertDefinition
resultId:
description: 'Typically actions create other objects, a certificationId or workflowId as a result of the action taken.'
type: string
example: 7f00000180281df7818028c109ea1742
result:
description: The Task Result of the Alert.
type: array
items:
properties:
name:
description: The name of the Task Result for the Alert action.
type: string
workflowName:
description: The name of the Workflow used in the Alert action task result.
type: string
example: LCM Provisioning
notifications:
description: Notifications to send when an Alert action is generated.
type: array
items:
properties:
name:
description: The name of configured notifications for Alert action results.
type: string
example: lowLevelAlertNotification
displayName:
description: Display name for the Alert action notification.
type: string
example: lowLevelAlert result notification
emailAddresses:
description: A list of email addresses to send an Alert action notification.
type: string
example: 'amanda.ross@demoexample.com, alice.ford@demoexample.com'
alertDate:
description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.265-05:00'
lastProcessed:
description: 'The DateTime of the last time the alert was processed, this does not indicate the system took action on the Alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.260-05:00'
nativeId:
description: Unique Identifier of the Alert in the native system.
type: string
example: 420bebfb-c87a-406f-930c-29e06feb47bc
targetId:
description: Unique Identifier of the target object which caused the Alert.
type: string
example: c0a8019c7fe51750817fe634a6b10171
targetType:
description: The type of SailPointObject the target is.
type: string
example: Certification
targetDisplayName:
description: User friendly display name of the target object.
type: string
example: Manager Certification
meta:
description: Metadata for the Alert.
type: array
items:
properties:
created:
description: DateTime when the Alert was created.
type: string
format: date-time
example: '2022-03-31T14:52:40.245-05:00'
location:
description: URL to the Alert.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Alerts/c0a8019c7fe11678817fe18984351477'
lastModified:
description: DateTime of Alert last modification.
type: string
format: date-time
example: '2022-03-31T14:52:40.265-05:00'
version:
description: Alert version.
type: string
example: W"1650050901217"
resourceType:
description: Resource type of the metadata subject.
type: string
example: Alert
schemas:
description: A list of the schemas used for Alerts.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:AlertInput'
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Alert'
application/scim+json:
schema:
properties:
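# Count reported in the list response.
totalResults:
  description: Number of Alert resources returned.
  type: integer
  # Integer example to match the declared type (was the string '1500,').
  example: 1500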
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: Unique identifier of the Alert.
type: string
example: c0a8019c7fe11678817fe18984351477
name:
description: 'Name of the Alert, auto-generated by the SCIM Server.'
type: string
example: '0000000001'
displayName:
description: Display name of the Alert.
type: string
example: Hello World!
type:
description: Type of the Alert.
type: string
example: Permission
attributes:
description: A list of attributes of the Alert.
type: array
items:
properties:
value:
description: The attribute value.
type: string
example: Grackle5.Test.Sailpoint.com
key:
description: The attribute key.
type: string
example: bamName
application:
description: The corresponding Application object of the Alert.
type: object
properties:
value:
description: The Application associated with the Alert.
type: string
example: Active_Directory
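# Link to the Application resource. The example is a URI string, so the
# property is typed as a string, matching the createAlert request schema.
# NOTE(review): some OpenAPI tooling treats any key named $ref as a JSON
# Reference, even under properties - verify the spec renders as intended.
$ref:
  description: The URI of the SCIM resource representing the Alert application.
  type: string
  example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'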
displayName:
description: The name of the Alert Application.
type: string
example: Active_Directory
actions:
description: Not empty if action was taken on the Alert.
type: array
items:
properties:
type:
description: The type of action performed as a result of the Alert.
type: string
enum:
- WORKFLOW
- CERTIFICATION
- NOTIFICATION
example: WORKFLOW
alertDefinitionName:
description: The name of the Alert Definition that triggered the action.
type: string
example: lowSeverityAlertDefinition
resultId:
description: 'Typically actions create other objects, a certificationId or workflowId as a result of the action taken.'
type: string
example: 7f00000180281df7818028c109ea1742
result:
description: The Task Result of the Alert.
type: array
items:
properties:
name:
description: The name of the Task Result for the Alert action.
type: string
workflowName:
description: The name of the Workflow used in the Alert action task result.
type: string
example: LCM Provisioning
notifications:
description: Notifications to send when an Alert action is generated.
type: array
items:
properties:
name:
description: The name of configured notifications for Alert action results.
type: string
example: lowLevelAlertNotification
displayName:
description: Display name for the Alert action notification.
type: string
example: lowLevelAlert result notification
emailAddresses:
description: A list of email addresses to send an Alert action notification.
type: string
example: 'amanda.ross@demoexample.com, alice.ford@demoexample.com'
alertDate:
description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.265-05:00'
lastProcessed:
description: 'The DateTime of the last time the alert was processed, this does not indicate the system took action on the Alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.260-05:00'
nativeId:
description: Unique Identifier of the Alert in the native system.
type: string
example: 420bebfb-c87a-406f-930c-29e06feb47bc
targetId:
description: Unique Identifier of the target object which caused the Alert.
type: string
example: c0a8019c7fe51750817fe634a6b10171
targetType:
description: The type of SailPointObject the target is.
type: string
example: Certification
targetDisplayName:
description: User friendly display name of the target object.
type: string
example: Manager Certification
meta:
description: Metadata for the Alert.
type: array
items:
properties:
created:
description: DateTime when the Alert was created.
type: string
format: date-time
example: '2022-03-31T14:52:40.245-05:00'
location:
description: URL to the Alert.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Alerts/c0a8019c7fe11678817fe18984351477'
lastModified:
description: DateTime of Alert last modification.
type: string
format: date-time
example: '2022-03-31T14:52:40.265-05:00'
version:
description: Alert version.
type: string
example: W"1650050901217"
resourceType:
description: Resource type of the metadata subject.
type: string
example: Alert
schemas:
description: A list of the schemas used for Alerts.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:AlertInput'
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Alert'
post:
operationId: createAlert
tags:
- Alerts
summary: Creates a new Alert.
description: The endpoint used to create an Alert resource.
parameters:
- in: query
name: attributes
schema:
type: string
example: name
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'name, application'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
requestBody:
required: true
content:
application/scim+json:
schema:
properties:
displayName:
description: Display name of the Alert.
type: string
example: Confidential File Opened
type:
description: Type of the Alert.
type: string
example: alert
attributes:
description: A list of attributes of the Alert.
type: array
items:
properties:
key:
description: The attribute key.
type: string
example: userFullName
value:
description: The attribute value.
type: string
example: TEST/Anne.Arnold
alertDate:
description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
type: string
format: date-time
example: '2022-05-04T13:24:09.661-05:00'
nativeId:
description: Unique Identifier of the Alert in the native system.
type: string
example: '2351234513245349'
targetId:
description: Unique Identifier of the target object which caused the Alert.
type: string
example: 2c9091d24f65486f014f6568be4400f7
targetType:
description: The type of SailPointObject the target is.
type: string
example: Identity
targetDisplayName:
description: User friendly display name of the target object.
type: string
example: Anne.Arnold
application:
description: The corresponding Application object of the Alert.
type: object
properties:
displayName:
description: The name of the Alert Application. OPTIONAL and READ-ONLY.
type: string
example: JDBCDirectAlerts
value:
description: The Application associated with the Alert.
type: string
example: 7f00000180281df7818028bfed100826
$ref:
description: The URI of the SCIM resource representing the Alert application.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
responses:
'201':
description: Creates an Alert and returns the resultant Alert.
content:
application/json:
schema:
properties:
id:
description: Unique identifier of the Alert.
type: string
example: c0a8019c7fe11678817fe18984351477
name:
description: 'Name of the Alert, auto-generated by the SCIM Server.'
type: string
example: '0000000001'
displayName:
description: Display name of the Alert.
type: string
example: Hello World!
type:
description: Type of the Alert.
type: string
example: Permission
attributes:
description: A list of attributes of the Alert.
type: array
items:
properties:
value:
description: The attribute value.
type: string
example: Grackle5.Test.Sailpoint.com
key:
description: The attribute key.
type: string
example: bamName
application:
description: The corresponding Application object of the Alert.
type: object
properties:
value:
description: The Application associated with the Alert.
type: string
example: Active_Directory
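# Link to the Application resource. The example is a URI string, so the
# property is typed as a string, matching the createAlert request schema.
# NOTE(review): some OpenAPI tooling treats any key named $ref as a JSON
# Reference, even under properties - verify the spec renders as intended.
$ref:
  description: The URI of the SCIM resource representing the Alert application.
  type: string
  example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'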
displayName:
description: The name of the Alert Application.
type: string
example: Active_Directory
actions:
description: Not empty if action was taken on the Alert.
type: array
items:
properties:
type:
description: The type of action performed as a result of the Alert.
type: string
enum:
- WORKFLOW
- CERTIFICATION
- NOTIFICATION
example: WORKFLOW
alertDefinitionName:
description: The name of the Alert Definition that triggered the action.
type: string
example: lowSeverityAlertDefinition
resultId:
description: 'Typically actions create other objects, a certificationId or workflowId as a result of the action taken.'
type: string
example: 7f00000180281df7818028c109ea1742
result:
description: The Task Result of the Alert.
type: array
items:
properties:
name:
description: The name of the Task Result for the Alert action.
type: string
workflowName:
description: The name of the Workflow used in the Alert action task result.
type: string
example: LCM Provisioning
notifications:
description: Notifications to send when an Alert action is generated.
type: array
items:
properties:
name:
description: The name of configured notifications for Alert action results.
type: string
example: lowLevelAlertNotification
displayName:
description: Display name for the Alert action notification.
type: string
example: lowLevelAlert result notification
emailAddresses:
description: A list of email addresses to send an Alert action notification.
type: string
example: 'amanda.ross@demoexample.com, alice.ford@demoexample.com'
alertDate:
description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.265-05:00'
lastProcessed:
description: 'The DateTime of the last time the alert was processed, this does not indicate the system took action on the Alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.260-05:00'
nativeId:
description: Unique Identifier of the Alert in the native system.
type: string
example: 420bebfb-c87a-406f-930c-29e06feb47bc
targetId:
description: Unique Identifier of the target object which caused the Alert.
type: string
example: c0a8019c7fe51750817fe634a6b10171
targetType:
description: The type of SailPointObject the target is.
type: string
example: Certification
targetDisplayName:
description: User friendly display name of the target object.
type: string
example: Manager Certification
meta:
description: Metadata for the Alert.
type: array
items:
properties:
created:
description: DateTime when the Alert was created.
type: string
format: date-time
example: '2022-03-31T14:52:40.245-05:00'
location:
description: URL to the Alert.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Alerts/c0a8019c7fe11678817fe18984351477'
lastModified:
description: DateTime of Alert last modification.
type: string
format: date-time
example: '2022-03-31T14:52:40.265-05:00'
version:
description: Alert version.
type: string
example: W"1650050901217"
resourceType:
description: Resource type of the metadata subject.
type: string
example: Alert
schemas:
description: A list of the schemas used for Alerts.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:AlertInput'
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Alert'
'/Alerts/{alertId}':
get:
operationId: getAlertById
tags:
- Alerts
summary: Returns an Alert resource based on id.
description: |
>The Alert resource with matching id is returned.
>Attributes to include in the response can be specified with the attributes query parameter.
>Attributes to exclude from the response can be specified with the excludedAttributes query parameter.
parameters:
- name: alertId
in: path
schema:
type: string
example: c0a8019c802d1e5a81802eb2b57e020f
description: id of Alert resource.
required: true
- in: query
name: attributes
schema:
type: string
example: name
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'name, application'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returns a single Alert resource based on the id.
content:
application/json:
schema:
properties:
id:
description: Unique identifier of the Alert.
type: string
example: c0a8019c7ffa186e817ffb80170a0195
name:
description: 'Name of the Alert, auto-generated by the SCIM Server.'
type: string
example: '0000000002'
displayName:
description: Display name of the Alert.
type: string
example: Workflow Alert
type:
description: Type of the Alert.
type: string
example: Business Process Alert
attributes:
description: A list of attributes of the Alert.
type: array
items:
properties:
value:
description: The attribute value.
type: string
example: Windows File Server (Agent)
key:
description: The attribute key.
type: string
example: applicationType
application:
description: The corresponding Application object of the Alert.
type: array
items:
properties:
value:
description: The Application associated with the Alert.
type: string
example: SAP
$ref:
description: The URI of the SCIM resource representing the Alert application.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
displayName:
description: The name of the Alert Application. OPTIONAL and READ-ONLY.
type: string
example: SAP Financial App
actions:
description: Alert actions.
type: array
items:
properties:
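# Kind of action taken for the Alert; restricted to the listed values.
type:
  description: The type of action performed as a result of the Alert.
  type: string
  enum:
    - WORKFLOW
    - CERTIFICATION
    - NOTIFICATION
  # The example uses one of the declared enum values (was 'Certification',
  # which is not in the enum as written).
  example: CERTIFICATION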
alertDefinitionName:
description: The name of the Alert Definition that triggered the action.
type: string
example: certLauncher
resultId:
description: 'Typically actions create other objects, a certificationId or workflowId as a result of the action taken.'
type: string
example: 7f00000180281df7818028c109ea1742
result:
description: The Task Result of the Alert.
type: array
items:
properties:
name:
description: The name of the Task Result for the Alert action.
type: string
example: Alert 0000000001 Certification Result
workflowName:
description: The name of the Workflow used in the Alert action task result.
type: string
example: refreshCerficationSchedule
notifications:
type: array
description: Notifications to send when an Alert action is generated.
items:
properties:
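# Name of the notification configured for the Alert action result.
name:
  description: The name of configured notifications for Alert action results.
  type: string
  # Quoted so the all-digit value stays a string and keeps its leading zeros
  # regardless of which YAML version the parser follows.
  example: '000000009'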
displayName:
description: Display name for the Alert action notification.
type: string
example: Certification Refresh Notification for James.Smith
emailAddresses:
description: A list of email addresses to send an Alert action notification.
type: string
example: james.smith@demoexample.com
alertDate:
description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.265-05:00'
lastProcessed:
description: 'The DateTime of the last time the Alert was processed, this does not indicate the system took action on the Alert.'
type: string
format: date-time
example: '2022-03-31T14:52:40.260-05:00'
nativeId:
description: Unique Identifier of the Alert in the native system.
type: string
example: 420bebfb-c87a-406f-930c-29e06feb47bc
targetId:
description: Unique Identifier of the target object which caused the Alert.
type: string
example: c0a8019c7fe51750817fe634a6b10171
targetType:
description: The type of SailPointObject the target is.
type: string
example: Certification
targetDisplayName:
description: User friendly display name of the target object.
type: string
example: Manager Certification
meta:
type: object
properties:
created:
description: DateTime when the Alert was created.
type: string
format: date-time
example: '2022-04-05T15:52:30.090-05:00'
location:
description: URL to the Alert.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Alerts/c0a8019c7ffa186e817ffb80170a0195'
lastModified:
description: DateTime of Alert last modification.
type: string
format: date-time
example: '2022-04-05T15:52:30.119-05:00'
version:
description: Alert version.
type: string
example: W"1649191950119"
resourceType:
description: Resource type of the metadata subject.
type: string
example: Alert
/Applications:
get:
operationId: getApplications
tags:
- Applications
summary: Returns all Application resources.
description: |
This endpoint returns all Application resources.
Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schema related to Applications is:
- **urn:ietf:params:scim:schemas:core:1.0:Application**
parameters:
- in: query
name: filter
schema:
type: string
example: type eq "Active Directory - Direct"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: lookupByName
schema:
type: boolean
default: false
example: true
- in: query
name: sortBy
schema:
type: string
example: name
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
default: ascending
example: descending
description: Determines what order to sort results in.
- in: query
name: startIndex
schema:
type: integer
example: 10
default: 1
description: Determines the starting index of the result set.
# Page-size query parameter for GET /Applications.
# NOTE(review): the default declared here is 1, while the count parameter on /Accounts and
# /Entitlements in this spec declares a default of 1000 - confirm which value the server uses.
# NOTE(review): no maximum is declared for this parameter; TODO confirm the server caps the
# page size, since the value comes straight from the request.
- in: query
name: count
schema:
type: integer
example: 10
default: 1
description: Specifies the number of results per page.
- in: query
name: attributes
schema:
type: string
example: 'name,type,features'
description: 'The Application attributes to include in the response. The query parameter value is a comma-separated list of fields to be returned in the response for each Application. The attributes listed will be the only ones returned in the response, with the exception of id, schemas, and meta, which are always returned for an Application.'
- in: query
name: excludedAttributes
schema:
type: string
example: features
description: 'The Application attributes to exclude from the response. The query parameter value is a comma-separated list of fields to be excluded from the response for each Application. The attributes listed will be the only ones excluded from the response, with the exception of id, schemas, and meta, which are always returned for an Application.'
responses:
'200':
description: Returns all SCIM Application resources.
content:
application/json:
schema:
properties:
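# Count field of the application/json list response for GET /Applications.
totalResults:
description: Number of Application resources returned.
type: integer
# The example is a bare integer so that it matches the declared type; it was the string '18,'.
example: 18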
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: IdentityIQ id of the Application.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
name:
description: Unique name for the Application. This name MUST be unique across the entire set of Applications.
type: string
example: Active Directory
descriptions:
description: A list of localized descriptions of the Application.
type: array
example:
- locale: en_US
value: The main Active_Directory domain data for the corporate network.
type:
description: The type of the Application.
type: string
example: Active Directory - Direct
features:
description: A list of features of the Application.
type: array
example:
- - DIRECT_PERMISSIONS
- NO_RANDOM_ACCESS
- DISCOVER_SCHEMA
owner:
description: The owner of the Application.
type: object
properties:
displayName:
description: Display name of the application owner.
type: string
example: Joe Smith
value:
description: id of the application owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the application owner resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
applicationSchemas:
description: List of the Application Schemas.
type: object
properties:
value:
description: The urn of the Application Schema.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active Directory:account'
type:
description: 'The type of Application Schema (account, group, etc.).'
type: string
example: account
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Schemas/urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active%20Directory:account'
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this Application was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the SCIM resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Applications/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the Application was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the SCIM resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: Application
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application'
application/scim+json:
schema:
properties:
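# Count field of the application/scim+json list response for GET /Applications.
totalResults:
description: Number of Application resources returned.
type: integer
# The example is a bare integer so that it matches the declared type; it was the string '1500,'.
example: 1500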
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: IdentityIQ id of the Application.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
name:
description: Unique name for the Application. This name MUST be unique across the entire set of Applications.
type: string
example: Active Directory
descriptions:
description: A list of localized descriptions of the Application.
type: array
example:
- locale: en_US
value: The main Active_Directory domain data for the corporate network.
type:
description: The type of the Application.
type: string
example: Active Directory - Direct
features:
description: A list of features of the Application.
type: array
example:
- - DIRECT_PERMISSIONS
- NO_RANDOM_ACCESS
- DISCOVER_SCHEMA
owner:
description: The owner of the Application.
type: object
properties:
displayName:
description: Display name of the application owner.
type: string
example: Joe Smith
value:
description: id of the application owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the application owner resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
applicationSchemas:
description: List of the Application Schemas.
type: object
properties:
value:
description: The urn of the Application Schema.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active Directory:account'
type:
description: 'The type of Application Schema (account, group, etc.).'
type: string
example: account
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Schemas/urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active%20Directory:account'
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this Application was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the SCIM resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Applications/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the Application was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the SCIM resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: Application
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application'
'/Applications/{applicationId}':
get:
operationId: getApplication
tags:
- Applications
summary: Returns an Application resource based on id or name.
description: |
The Application resource with matching id or name is returned. Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schema related to Application is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:Application.**
parameters:
- name: applicationId
in: path
schema:
type: string
example: 7f00000180281df7818028bfaae8035b
description: id or name of Application resource.
required: true
- in: query
name: attributes
schema:
type: string
example: 'name,type,features'
description: 'The Application attributes to include in the response. The query parameter value is a comma-separated list of fields to be returned in the response for each Application. The attributes listed will be the only ones returned in the response, with the exception of id, schemas, and meta, which are always returned for an Application.'
- in: query
name: excludedAttributes
schema:
type: string
example: features
description: 'The Application attributes to exclude from the response. The query parameter value is a comma-separated list of fields to be excluded from the response for each Application. The attributes listed will be the only ones excluded from the response, with the exception of id, schemas, and meta, which are always returned for an Application.'
responses:
'200':
description: Returns a single Application resource based on the id.
content:
application/json:
schema:
properties:
id:
description: IdentityIQ id of the Application.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
name:
description: Unique name for the Application. This name MUST be unique across the entire set of Applications.
type: string
example: Active Directory
descriptions:
description: A list of localized descriptions of the Application.
type: array
example:
- locale: en_US
value: The main Active_Directory domain data for the corporate network.
type:
description: The type of the Application.
type: string
example: Active Directory - Direct
features:
description: A list of features of the Application.
type: array
example:
- - DIRECT_PERMISSIONS
- NO_RANDOM_ACCESS
- DISCOVER_SCHEMA
owner:
description: The owner of the Application.
type: object
properties:
displayName:
description: Display name of the application owner.
type: string
example: Joe Smith
value:
description: id of the application owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the application owner resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
applicationSchemas:
description: List of the Application Schemas.
type: object
properties:
value:
description: The urn of the Application Schema.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active Directory:account'
type:
description: 'The type of Application Schema (account, group, etc.).'
type: string
example: account
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Schemas/urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active%20Directory:account'
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this Application was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the SCIM resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Applications/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the Application was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the SCIM resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: Application
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application'
# POST /CheckedPolicyViolations: simulates provisioning a set of access items for an identity
# and reports the policy violations that provisioning would create.
# NOTE(review): the responses section of this operation documents only '201'. Failure cases
# (credentials rejected under the spec-wide basicAuth scheme, a caller not permitted to run
# the check, a malformed plan) are not described - TODO document them.
# NOTE(review): the request names an identity and the response lists the violations computed
# for it; the spec does not state which callers may run a simulation for another identity -
# confirm the authorization rule and document it here.
/CheckedPolicyViolations:
post:
operationId: checkPolicyViolations
tags:
- Checked Policy Violations
summary: 'This endpoint simulates provisioning a set of access items, and then checks against a set of policies to determine if granting the access items would cause creation of new policy violations.'
description: |
>This submits a set of access items to request and a set of policies to check after the access provisioning is simulated in order to determine if policy violations would be created by provisioning the access items. It receives a payload that includes:
>**An identity:** Used as the recipient for the access items on the simulation.
>**A provisioning plan:** Specifies the changes whose provisioning is simulated for the provided identity.
>**A list of policies:** to check after the simulation of provisioning plan was applied to the identity in order to determine if the access granted in the simulation causes new policy violations.
>Optionally you can pass a list of attributes, as query params, to be included or excluded from the response, this setting is applicable only to top level attributes as defined in the schema ***urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation.***
>**Valid values**:
**- policies**
**- identity**
**- plan**
**- violations**
**- leftBundles**
**- rightBundles**
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identity:
description: An identity for whom access is requested on the provisioning simulation
type: string
example:
identity: Ryan.Russell
plan:
description: A provisioning plan detailing the access to request on the simulation
type: object
properties:
value:
type: object
properties:
accounts:
type: array
items:
type: object
properties:
op:
description: The operation to perform on the provisioning.
type: string
example: Modify
instance:
type: string
example: 'null'
description: A particular instance to provision this access to
application:
type: string
example: Active_Directory
description: The application that owns the access items in the request
attributes:
type: array
items:
type: object
properties:
op:
description: The operation to perform on the access item.
type: string
example: Add
name:
description: The type of access item to provision.
type: string
example: groupmbr
value:
description: The name of the access item to provision.
type: string
example: UnixAdministration
type:
type: string
example: application/sailpoint.object.ProvisioningPlan+json
# Names of the policies to evaluate after the simulated provisioning (request body).
# NOTE(review): the example includes 'RandomPolicyNotExisting', and the 201 response example
# repeats the same name in its own policies list. The spec does not say whether an unknown
# policy name is rejected, reported, or skipped. If it is skipped, an empty violations array
# does not show that the requested access is compliant - TODO document the behaviour so
# callers can tell "no violations" from "policy not evaluated".
policies:
description: A list of policies to check for new policy violations on the access provisioned by the simulation.
type: array
items:
type: string
example:
- SOD Policy
- Entitlement Policy
- RandomPolicyNotExisting
responses:
'201':
description: Returns a list of violations based on simulated requested access
content:
application/json:
schema:
type: object
properties:
identity:
description: An identity for whom access was requested on the provisioning simulation
type: string
example:
identity: Ryan.Russell
meta:
type: object
properties:
resourceType:
description: ''
type: string
example: CheckedPolicyViolation
violations:
type: array
items:
properties:
entitlements:
description: An array of the entitlements used in the provisioning simulation.
type: array
items:
type: string
example:
- a2a
- a2b
- benefits
policyName:
description: The name of the policy that conflicted with the access items provisioned in the simulation causing policy violation.
type: string
example: SOD Policy
policyType:
description: The type of the policy that conflicted with the access items provisioned in the simulation causing policy violation(s).
type: string
example: SOD
description:
description: The description of the policy violation(s) caused by the access provisioned in the simulation.
type: string
example: Security design should not be combined with administrative permissions.
constraintName:
description: The specific constraint in the policy that conflicted with the access items provisioned in the simulation.
type: string
example: ' IT SOD-117'
leftBundles:
description: The left set of entitlements defined in the policy constraint in order to check against another set of entitlements for compliance.
type: array
items:
type: string
example:
- Security Architect - IT
rightBundles:
description: The right set of entitlements defined in the policy constraint in order to check against another set of entitlements for compliance.
type: array
items:
type: string
example:
- Unix Administrator - IT
schemas:
description: The SCIM schema for Checked Policy Violations.
type: array
items:
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation'
policies:
description: The set of policies used to check for conflicting access in the provisioning simulation
type: array
items:
type: string
example:
- SOD Policy
- Entitlement Policy
- RandomPolicyNotExisting
plan:
description: A provisioning plan detailing the access to request on the simulation
type: object
properties:
value:
type: object
properties:
accounts:
type: array
items:
type: object
properties:
op:
description: The operation performed on the access in the provisioning simulation.
type: string
example: Modify
instance:
type: string
example: 'null'
description: A particular instance to provision this access to
application:
type: string
example: Active_Directory
description: The application that owns the access provisioned in the simulation.
attributes:
type: array
items:
type: object
properties:
op:
description: The operation performed on the access in the provisioning simulation.
type: string
example: Add
name:
description: The type of provisioned access.
type: string
example: groupmbr
value:
description: The name of the provisioned access items.
type: string
example: UnixAdministration
type:
type: string
example: application/sailpoint.object.ProvisioningPlan+json
# Query parameters accepted by POST /CheckedPolicyViolations.
parameters:
# Top-level response attributes to include.
- in: query
name: attributes
schema:
type: string
description: A list of attributes to indicate what top level attributes to include in the response
# NOTE(review): authnPassword puts a password in the URL query string. Query strings are
# commonly written to web-server and proxy access logs and kept in client history, so a
# secret sent this way persists after the request. The spec already declares basicAuth as
# its security scheme, which carries credentials in the Authorization header instead.
# Presumably this parameter is inherited rather than needed here (the lookupByName
# description below says that of lookupByName) - TODO confirm whether the server reads it.
# If it does not, remove it from the spec; if it does, document that it may only be used
# over TLS, that access logs must redact it, and consider `format: password` on the schema
# so documentation UIs mask the field.
- in: query
name: authnPassword
schema:
type: string
description: Password for authentication
# NOTE(review): companion to authnPassword; the same exposure applies to the username, which
# identifies the account to anyone who can read request logs. Resolve both together.
- in: query
name: authnUsername
schema:
type: string
description: Username for authentication
# Top-level response attributes to exclude.
- in: query
name: excludedAttributes
schema:
type: string
description: A list of attributes to indicate what top level attributes to exclude from the response
# Per its own description, not required by this endpoint; inherited from BaseSCIMResource.
- in: query
name: lookupByName
schema:
type: boolean
description: 'This is not required in this endpoint, the returned object is a new PolicyViolation and not one returned from the persistence layer. This is inherited from the BaseSCIMResource and is used to override the default id based lookup, and use a name based lookup instead, if for any reason the artifact id is not present.'
example: false
/Entitlements:
get:
operationId: getEntitlements
tags:
- Entitlements
summary: Returns all Entitlement resources.
description: |
This endpoint returns all Entitlement resources.
Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schemas related to Entitlements are:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement**
parameters:
- in: query
name: filter
schema:
type: string
example: displayableName eq "accessLog"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: sortBy
schema:
type: string
example: application
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
default: ascending
example: descending
description: Determines what order to sort results in.
- in: query
name: startIndex
schema:
type: integer
example: 10
default: 1
description: Determines the starting index of the result set.
- in: query
name: count
schema:
type: integer
example: 10
default: 1000
description: Specifies the number of results per page.
- in: query
name: attributes
schema:
type: string
example: application
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: application
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returned all SCIM resources for this endpoint.
content:
application/json:
schema:
properties:
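# Count field of the application/json list response for GET /Entitlements.
totalResults:
description: Number of resources returned for this endpoint.
type: integer
# The example is a bare integer so that it matches the declared type; it was the string '1,'.
example: 1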
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: Unique identifier of the Entitlement.
type: string
example: 7f00000180281df7818028bfb83204dc
descriptions:
description: A list of localized descriptions of the Entitlement.
type: object
properties:
locale:
description: The locale associated with this Entitlement description.
type: string
example: en_GB
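# Localized description text of the Entitlement.
value:
description: The description in localized form.
type: string
# Quoted: a plain scalar may not begin with `*`, which YAML reads as an alias indicator.
example: '**AP_Logins** Target Friendly Description'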
displayName:
description: Displayable name of the Entitlement.
type: string
example: AP_Logins
type:
description: Type of the Entitlement.
type: string
example: Permission
application:
description: The corresponding Application object of the Entitlement.
type: array
items:
properties:
value:
description: The Application associated with the Entitlement.
type: string
example: 7f00000180281df7818028bfac5a0367
$ref:
description: The URI of the SCIM resource representing the Entitlement application.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
displayName:
description: The name of the Entitlement Application. OPTIONAL and READ-ONLY.
type: string
example: Oracle_DB_oasis
owner:
description: The owner of the Entitlement.
type: array
items:
properties:
value:
description: The id of the SCIM resource representing the Entitlement Owner.
type: string
example: 7f00000180281df7818028bfb0d103c7
$ref:
description: The URI of the SCIM resource representing the Entitlement Owner.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/7f00000180281df7818028bfb0d103c7'
displayName:
description: The displayName of the Entitlement Owner. OPTIONAL and READ-ONLY.
type: string
example: Debra Wood
requestable:
description: Flag to indicate this entitlement is requestable.
type: boolean
example: true
aggregated:
description: Flag to indicate this entitlement has been aggregated.
type: boolean
example: true
attribute:
description: Attribute of the Entitlement.
type: string
example: AP_Logins
value:
description: Attribute value of the Entitlement.
type: string
example: 'CN=AP_Logins,OU=Security,OU=Permissions,DC=test,DC=sailpoint,DC=com'
lastRefresh:
description: The DateTime when the Entitlement was refreshed.
type: string
format: date-time
example: '2022-04-14T10:48:01.907-05:00'
lastTargetAggregation:
description: The date of the last target aggregation for the Entitlement.
type: string
format: date-time
example: '2022-04-14T10:48:01.907-05:00'
classifications:
description: Classifications of this Entitlement.
type: object
required:
- classification
properties:
source:
description: The source of the ObjectClassification.
type: string
example: UI
effective:
description: Flag indicating this is an effective Classification.
type: boolean
example: false
classification:
description: Classification of this object.
type: object
properties:
name:
description: The name of the classification.
type: string
example: ClassificationB
displayName:
description: The display name of the classification.
type: string
example: ClassB
origin:
description: The origin of the Classification.
type: string
example: PAMSource
type:
description: The type of the Classification.
type: string
example: Aggregation
meta:
type: object
properties:
created:
description: DateTime when the Entitlement was created.
type: string
format: date-time
example: '2022-04-14T10:44:54.834-05:00'
location:
description: URL to the Entitlement.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Entitlements/7f00000180281df7818028bfb83204dc'
lastModified:
description: DateTime of Entitlement last modification.
type: string
format: date-time
example: '2022-04-05T15:52:30.119-05:00'
version:
description: Entitlement version.
type: string
example: '"W"1649951094834"'
resourceType:
description: Resource type of the metadata subject.
type: string
example: Entitlement
schemas:
type: array
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement'
entitleAuth:
description: This is an Extended Attribute from Managed Attribute used to describe the authorization level of an Entitlement.
type: string
example: Low
entDate:
description: This is an Extended Attribute from Managed Attribute. The Entitlement DateTime.
type: string
format: date-time
example: '2022-04-14T10:44:54.738-05:00'
active:
description: This is an Extended Attribute from Managed Attribute. Describes if an Entitlement is active.
type: boolean
example: false
rank:
description: This is an Extended Attribute from Managed Attribute.
type: integer
example: 3
rule:
description: This is an Extended Attribute from Managed Attribute. Used to specify a Rule object for the Entitlement.
type: string
example: APLogin-Contractors-Rule
reviewer:
description: This is an Extended Attribute from Managed Attribute. The Identity that reviewed the Entitlement.
type: object
properties:
displayName:
description: Display name of the Entitlement reviewer.
type: string
example: Dan Patrick
value:
description: id of the Entitlement reviewer.
type: string
example: c0b4568a4fe7458c434ee77f2fad267c
$ref:
description: URI reference of the Entitlement reviewer resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77f2fad267c'
email:
description: This is an Extended Attribute from Managed Attribute. Used to specify the Entitlement owner email.
type: string
example: dpatrick@demoexample.com
application/scim+json:
schema:
properties:
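# Count field of the application/scim+json list response for GET /Entitlements.
totalResults:
description: Number of Entitlement resources returned.
type: integer
# The example is a bare integer so that it matches the declared type; it was the string '1500,'.
example: 1500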
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: Unique identifier of the Entitlement.
type: string
example: 7f00000180281df7818028bfb83204dc
descriptions:
description: A list of localized descriptions of the Entitlement.
type: object
properties:
locale:
description: The locale associated with this Entitlement description.
type: string
example: en_GB
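# Localized description text of the Entitlement.
value:
description: The description in localized form.
type: string
# Quoted: a plain scalar may not begin with `*`, which YAML reads as an alias indicator.
example: '**AP_Logins** Target Friendly Description'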
displayName:
description: Displayable name of the Entitlement.
type: string
example: AP_Logins
type:
description: Type of the Entitlement.
type: string
example: Permission
application:
description: The corresponding Application object of the Entitlement.
type: array
items:
properties:
value:
description: The Application associated with the Entitlement.
type: string
example: 7f00000180281df7818028bfac5a0367
$ref:
description: The URI of the SCIM resource representing the Entitlement application.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
displayName:
description: The name of the Entitlement Application. OPTIONAL and READ-ONLY.
type: string
example: Oracle_DB_oasis
owner:
description: The owner of the Entitlement.
type: array
items:
properties:
value:
description: The id of the SCIM resource representing the Entitlement Owner.
type: string
example: 7f00000180281df7818028bfb0d103c7
$ref:
description: The URI of the SCIM resource representing the Entitlement Owner.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/7f00000180281df7818028bfb0d103c7'
displayName:
description: The displayName of the Entitlement Owner. OPTIONAL and READ-ONLY.
type: string
example: Debra Wood
requestable:
description: Flag to indicate this entitlement is requestable.
type: boolean
example: true
aggregated:
description: Flag to indicate this entitlement has been aggregated.
type: boolean
example: true
attribute:
description: Attribute of the Entitlement.
type: string
example: AP_Logins
value:
description: Attribute value of the Entitlement.
type: string
example: 'CN=AP_Logins,OU=Security,OU=Permissions,DC=test,DC=sailpoint,DC=com'
lastRefresh:
description: The DateTime when the Entitlement was refreshed.
type: string
format: date-time
example: '2022-04-14T10:48:01.907-05:00'
lastTargetAggregation:
description: The date of the last target aggregation for the Entitlement.
type: string
format: date-time
example: '2022-04-14T10:48:01.907-05:00'
classifications:
description: Classifications of this Entitlement.
type: object
required:
- classification
properties:
source:
description: The source of the ObjectClassification.
type: string
example: UI
effective:
description: Flag indicating this is an effective Classification.
type: boolean
example: false
classification:
description: Classification of this object.
type: object
properties:
name:
description: The name of the classification.
type: string
example: ClassificationB
displayName:
description: The display name of the classification.
type: string
example: ClassB
origin:
description: The origin of the Classification.
type: string
example: PAMSource
type:
description: The type of the Classification.
type: string
example: Aggregation
meta:
type: object
properties:
created:
description: DateTime when the Entitlement was created.
type: string
format: date-time
example: '2022-04-14T10:44:54.834-05:00'
location:
description: URL to the Entitlement.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Entitlements/7f00000180281df7818028bfb83204dc'
lastModified:
description: DateTime of Entitlement last modification.
type: string
format: date-time
example: '2022-04-05T15:52:30.119-05:00'
version:
description: Entitlement version.
type: string
example: '"W"1649951094834"'
resourceType:
description: Resource type of the metadata subject.
type: string
example: Entitlement
schemas:
type: array
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement'
entitleAuth:
description: This is an Extended Attribute from Managed Attribute used to describe the authorization level of an Entitlement.
type: string
example: Low
entDate:
description: This is an Extended Attribute from Managed Attribute. The Entitlement DateTime.
type: string
format: date-time
example: '2022-04-14T10:44:54.738-05:00'
active:
description: This is an Extended Attribute from Managed Attribute. Describes if an Entitlement is active.
type: boolean
example: false
rank:
description: This is an Extended Attribute from Managed Attribute.
type: integer
example: 3
rule:
description: This is an Extended Attribute from Managed Attribute. Used to specify a Rule object for the Entitlement.
type: string
example: APLogin-Contractors-Rule
reviewer:
description: This is an Extended Attribute from Managed Attribute. The Identity that reviewed the Entitlement.
type: object
properties:
displayName:
description: Display name of the Entitlement reviewer.
type: string
example: Dan Patrick
value:
description: id of the Entitlement reviewer.
type: string
example: c0b4568a4fe7458c434ee77f2fad267c
$ref:
description: URI reference of the Entitlement reviewer resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77f2fad267c'
email:
description: This is an Extended Attribute from Managed Attribute. Used to specify the Entitlement owner email.
type: string
example: dpatrick@demoexample.com
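# GET /Entitlements/{entitlementId}: fetch one Entitlement resource by id.
# The operation declares no `security` of its own, so the document-level
# requirement (basicAuth) applies.
# NOTE(review): only '200' is documented. No response is described for an
# unknown id (404) or an unauthenticated/unauthorized caller (401/403), so
# clients cannot tell "absent" from "forbidden" from this contract.
# NOTE(review): nesting was rebuilt from key order because the page lost its
# indentation; confirm against the published spec, in particular where the
# extended attributes (entitleAuth ... emails) sit.
'/Entitlements/{entitlementId}':
  get:
    operationId: getEntitlementById
    tags:
      - Entitlements
    summary: Returns an Entitlement resource based on id.
    description: |
      The Entitlement resource with matching id is returned.
      Attributes to include in the response can be specified with the attributes query parameter.
      Attributes to exclude from the response can be specified with the excludedAttributes query parameter.
    parameters:
      - name: entitlementId
        in: path
        schema:
          type: string
          example: c0a8019c802d1e5a81802eb2b57e020f
        description: id of Entitlement resource.
        required: true
      # `attributes` wins over `excludedAttributes` when both name the same
      # attribute; use it to request only the fields a client needs, since the
      # full response carries owner and reviewer identity data.
      - in: query
        name: attributes
        schema:
          type: string
          example: application
        description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
      - in: query
        name: excludedAttributes
        schema:
          type: string
          example: 'name, application'
        description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
    responses:
      '200':
        description: Returns a single Entitlement resource based on the id.
        content:
          application/json:
            schema:
              properties:
                id:
                  description: Unique identifier of the Entitlement.
                  type: string
                  example: 7f00000180281df7818028bfb7d204c1
                descriptions:
                  description: A list of localized descriptions of the Entitlement.
                  type: object
                  properties:
                    locale:
                      description: The locale associated with this Entitlement description.
                      type: string
                      example: en_US
                    value:
                      description: The description in localized form.
                      type: string
                      # Quoted: a plain scalar that starts with `*` is read as
                      # a YAML alias and fails to parse.
                      example: '**Employee Database** target friendly description'
                displayableName:
                  description: Displayable name of the Entitlement.
                  type: string
                  example: a2a
                type:
                  description: Type of the Entitlement.
                  type: string
                  example: group
                application:
                  description: The corresponding Application object of the Entitlement.
                  type: array
                  items:
                    properties:
                      value:
                        description: The Application associated with the Entitlement.
                        type: string
                        example: 7f00000180281df7818028bfed100826
                      $ref:
                        description: The URI of the SCIM resource representing the Entitlement application.
                        type: string
                        example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
                      displayName:
                        description: The name of the Entitlement Application. OPTIONAL and READ-ONLY.
                        type: string
                        example: SAP
                owner:
                  description: The owner of the Entitlement.
                  type: array
                  items:
                    properties:
                      value:
                        description: The id of the SCIM resource representing the Entitlement Owner.
                        type: string
                        example: 7f00000180281df7818028bfab930361
                      $ref:
                        description: The URI of the SCIM resource representing the Entitlement Owner.
                        type: string
                        example: 'http://localhost:8080/identityiq/scim/v2/Users/7f00000180281df7818028bfab930361'
                      displayName:
                        description: The displayName of the Entitlement Owner. OPTIONAL and READ-ONLY.
                        type: string
                        example: Mary Johnson
                requestable:
                  description: Flag to indicate this entitlement is requestable.
                  type: boolean
                  example: true
                aggregated:
                  description: Flag to indicate this entitlement has been aggregated.
                  type: boolean
                  example: true
                attribute:
                  description: Attribute of the Entitlement.
                  type: string
                  example: memberOf
                value:
                  description: Attribute value of the Entitlement.
                  type: string
                  example: 'CN=a2a,OU=HierarchicalGroups,OU=DemoData,DC=test,DC=sailpoint,DC=com'
                lastRefresh:
                  description: The DateTime when the Entitlement was refreshed.
                  type: string
                  format: date-time
                  example: '2022-04-14T10:48:01.907-05:00'
                lastTargetAggregation:
                  description: The date aggregation was last targeted of the Entitlement.
                  type: string
                  format: date-time
                  example: '2022-04-14T10:48:01.907-05:00'
                classifications:
                  description: Classifications of this Entitlement.
                  type: object
                  required:
                    - classification
                  properties:
                    source:
                      description: The source of the ObjectClassification.
                      type: string
                      example: UI
                    effective:
                      description: Flag indicating this is an effective Classification.
                      type: boolean
                      example: false
                    classification:
                      description: Classification of this object.
                      type: object
                      properties:
                        name:
                          description: The name of the Classification.
                          type: string
                          example: ClassificationA
                        displayName:
                          description: The displayName of the Classification.
                          type: string
                          example: ClassA
                        origin:
                          description: The origin of the Classification.
                          type: string
                          example: FAM Aggregation
                        type:
                          description: The type of the Classification.
                          type: string
                          example: Aggregation
                meta:
                  type: object
                  properties:
                    created:
                      description: DateTime when the Entitlement was created.
                      type: string
                      format: date-time
                      example: '2022-04-05T15:52:30.090-05:00'
                    location:
                      description: URL to the Entitlement.
                      type: string
                      example: 'http://localhost:8080/identityiq/scim/v2/Entitlements/c0a8019c7ffa186e817ffb80170a0195'
                    lastModified:
                      description: DateTime of Entitlement last modification.
                      type: string
                      format: date-time
                      example: '2022-04-05T15:52:30.119-05:00'
                    version:
                      description: Entitlement version.
                      type: string
                      example: '"W"1649191950119"'
                    resourceType:
                      description: Resource type of the metadata subject.
                      type: string
                      example: Entitlement
                schemas:
                  type: array
                  example:
                    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement'
                entitleAuth:
                  description: This is an Extended Attribute from Managed Attribute used to describe the authorization level of an Entitlement.
                  type: string
                  example: None
                entDate:
                  description: This is an Extended Attribute from Managed Attribute. The Entitlement DateTime.
                  type: string
                  format: date-time
                  example: '2022-04-14T10:44:54.738-05:00'
                active:
                  description: This is an Extended Attribute from Managed Attribute. Describes if an Entitlement is active.
                  type: boolean
                  example: false
                rank:
                  description: This is an Extended Attribute from Managed Attribute.
                  type: integer
                  example: 3
                rule:
                  description: This is an Extended Attribute from Managed Attribute. Used to specify a Rule object for the Entitlement.
                  type: string
                  example: APLogin-Contractors-Rule
                reviewer:
                  description: This is an Extended Attribute from Managed Attribute. The Identity that reviewed the Entitlement.
                  type: object
                  properties:
                    displayName:
                      description: Display name of the Entitlement reviewer.
                      type: string
                      example: Caroline Lee
                    value:
                      description: id of the Entitlement reviewer.
                      type: string
                      example: c0b4568a4fe7458c434ee77f2fad267c
                    $ref:
                      description: URI reference of the Entitlement reviewer resource.
                      type: string
                      example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77f2fad267c'
                # NOTE(review): the list operation's response schema names this
                # attribute `email`; confirm which spelling the server returns.
                emails:
                  description: This is an Extended Attribute from Managed Attribute. Used to specify the Entitlement owner email.
                  type: string
                  example: clee@demoexample.com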
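# /LaunchedWorkflows: list launched workflows (GET) and launch one (POST).
# Neither operation declares its own `security`, so the document-level
# requirement (basicAuth) applies to both.
# NOTE(review): nesting was rebuilt from key order because the page lost its
# indentation; confirm against the published spec. `items:` entries that hold
# only an `example` are kept as written.
/LaunchedWorkflows:
  get:
    operationId: LaunchedWorkflowsGet
    tags:
      - LaunchedWorkflows
    summary: Returns all LaunchedWorkflow resources.
    description: |
      This endpoint returns all LaunchedWorkflow resources.
      Attributes to include in the response can be specified with the 'attributes' query parameter.
      Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
      The schema related to LaunchedWorkflow is:
      - **urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow**
    parameters:
      - in: query
        name: filter
        schema:
          type: string
          example: 'completed eq "2022-05-03T16:40:34.271-05:00"'
        description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
      - in: query
        name: sortBy
        schema:
          type: string
          example: application
        description: Allows sorting the results by a resource's attributes.
      - in: query
        name: sortOrder
        schema:
          type: string
          default: ascending
          example: descending
        description: Determines what order to sort results in.
      - in: query
        name: startIndex
        schema:
          type: integer
          example: 10
          default: 1
        description: Determines the starting index of the result set.
      # No `maximum` is declared for the page size; the default is 1000.
      - in: query
        name: count
        schema:
          type: integer
          example: 10
          default: 1000
        description: Specifies the number of results per page.
      - in: query
        name: attributes
        schema:
          type: string
          example: 'name, expiration'
        description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
      - in: query
        name: excludedAttributes
        schema:
          type: string
          example: identityRequestId
        description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
    # NOTE(review): only '200' is documented; no response is described for a
    # rejected filter (400) or an unauthenticated/unauthorized caller (401/403).
    responses:
      '200':
        description: >-
          Returned all SCIM resources for this endpoint.
          **LaunchedWorkflow responses include attributes from the TaskResult related to the Workflow execution.**
        content:
          application/json:
            schema:
              properties:
                totalResults:
                  description: Number of resources returned for this endpoint
                  type: integer
                  # Was the string '1,', which does not match type integer.
                  example: 1
                startIndex:
                  description: The starting index of the resource set list. Can be specified with startIndex query parameter.
                  type: integer
                  example: 1
                schemas:
                  description: SCIM Schema used for response.
                  type: array
                  items:
                    type: string
                  example:
                    - 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
                Resources:
                  type: array
                  items:
                    properties:
                      partitioned:
                        description: Flag to indicate this TaskResult is partitioned. (From the TaskResult used to launch the Workflow).
                        type: boolean
                        example: true
                      completed:
                        type: string
                        format: date-time
                        description: The completed DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
                        example: '2022-04-14T10:45:26.098-05:00'
                      type:
                        description: Type of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: Workflow
                      launched:
                        type: string
                        format: date-time
                        description: The launched DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
                        example: '2022-04-14T10:45:26.114-05:00'
                      pendingSignOffs:
                        description: The number of pending signoffs of this TaskResult. (From the TaskResult used to launch the Workflow).
                        type: integer
                        example: 2
                      workflowName:
                        description: Name of the Workflow to launch.
                        type: string
                        example: Update Identity Adam.Kennedy AccessRequest
                      identityRequestId:
                        description: Id representing the identity request.
                        type: string
                        example: '0000000001'
                      workflowCaseId:
                        description: Id representing the workflow case (a running instance of a workflow).
                        type: string
                        example: c0a8019c808b1baa81808bde2c2201b3
                      workflowProcessId:
                        type: string
                        description: Id representing the workflow monitoring process log.
                        example: 7f000001806719888180675c8f8a225g
                      retries:
                        description: The number of retries performed during the execution of provisioning activities.
                        type: integer
                        example: 1
                      approvalSet:
                        description: XML representation of approvals.
                        type: string
                        # NOTE(review): example looks truncated; the XML sample
                        # appears to be missing.
                        example: 'example: '
                      workflowSummary:
                        description: XML representation of the workflow summary.
                        type: string
                        # NOTE(review): example looks truncated; the XML sample
                        # appears to be missing.
                        example: 'example: ""'
                      input:
                        description: A list of input attributes of the Launched Workflow.
                        type: object
                        properties:
                          key:
                            description: The attribute key.
                            type: string
                            example: _workflowRef
                          value:
                            description: The attribute value.
                            type: string
                            example: UpdateIdentityWorkflow
                          type:
                            description: The attribute type.
                            type: string
                            example: string
                      output:
                        description: A list of output attributes of the Launched Workflow.
                        type: object
                        properties:
                          key:
                            description: The attribute key.
                            type: string
                            example: workflowSummary
                          value:
                            description: The attribute value.
                            type: string
                            # Single-quoted, so the backslashes are literal
                            # characters, not newlines.
                            example: '\n \n \n \n\n'
                          type:
                            description: The attribute type.
                            type: string
                            example: application/xml
                      targetClass:
                        description: Target Class of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: Permission
                      name:
                        description: Name of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: Update Account Group a2a
                      messages:
                        description: List of messages of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: array
                        items:
                          example:
                            - Task executed successfully.
                      attributes:
                        description: A list of attributes of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: array
                        items:
                          properties:
                            key:
                              description: The attribute key.
                              type: string
                              example: Workflow Summary
                            value:
                              description: The attribute value.
                              type: string
                              example: '\n \n \n \n\n'
                      id:
                        description: Unique identifier of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: 7f00000180281df7818028c03252085c
                      completionStatus:
                        type: string
                        description: Completion Status of the TaskResult. (From the TaskResult used to launch the Workflow).
                        enum:
                          - Success
                          - Warning
                          - Error
                          - Terminated
                          - TempError
                        example: Success
                      taskDefinition:
                        type: string
                        description: Name of the TaskDefinition of the TaskResult. (From the TaskResult used to launch the Workflow).
                        example: Workflow Launcher
                      terminated:
                        description: Flag to indicate this TaskResult is terminated. (From the TaskResult used to launch the Workflow).
                        type: boolean
                        example: true
                      launcher:
                        description: Launcher of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: spadmin
                      meta:
                        type: object
                        properties:
                          created:
                            description: DateTime when the TaskResult was created. (From the TaskResult used to launch the Workflow).
                            type: string
                            format: date-time
                            example: '2022-04-14T10:44:54.834-05:00'
                          location:
                            description: URL to the TaskResult. (From the TaskResult used to launch the Workflow).
                            type: string
                            example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
                          lastModified:
                            description: DateTime of TaskResult last modification. (From the TaskResult used to launch the Workflow).
                            type: string
                            format: date-time
                            example: '2022-04-05T15:52:30.119-05:00'
                          version:
                            description: TaskResult version. (From the TaskResult used to launch the Workflow).
                            type: string
                            example: '"W"1649951094834"'
                          resourceType:
                            description: Resource type of the metadata subject. (From the TaskResult used to launch the Workflow).
                            type: string
                            example: TaskResult
          application/scim+json:
            schema:
              properties:
                totalResults:
                  description: Number of LaunchedWorkflow resources returned.
                  type: integer
                  # Was the string '1500,', which does not match type integer.
                  example: 1500
                startIndex:
                  description: The starting index of the resource set list. Can be specified with startIndex query parameter.
                  type: integer
                  example: 1
                schemas:
                  description: SCIM Schema used for response.
                  type: array
                  items:
                    type: string
                  example:
                    - 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
                Resources:
                  description: The SCIM resources returned for this endpoint.
                  type: array
                  items:
                    properties:
                      partitioned:
                        description: Flag to indicate this TaskResult is partitioned. (From the TaskResult used to launch the Workflow).
                        type: boolean
                        example: true
                      completed:
                        type: string
                        format: date-time
                        description: The completed DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
                        example: '2022-04-14T10:45:26.098-05:00'
                      type:
                        description: Type of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: Workflow
                      launched:
                        type: string
                        format: date-time
                        description: The launched DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
                        example: '2022-04-14T10:45:26.114-05:00'
                      pendingSignOffs:
                        description: The number of pending signoffs of this TaskResult. (From the TaskResult used to launch the Workflow).
                        type: integer
                        example: 2
                      workflowName:
                        description: Name of the Workflow to launch.
                        type: string
                        example: Update Identity Adam.Kennedy AccessRequest
                      identityRequestId:
                        description: Id representing the identity request.
                        type: string
                        example: '0000000001'
                      workflowCaseId:
                        description: Id representing the workflow case (a running instance of a workflow).
                        type: string
                        example: c0a8019c808b1baa81808bde2c2201b3
                      workflowProcessId:
                        type: string
                        description: Id representing the workflow monitoring process log.
                        example: 7f000001806719888180675c8f8a225g
                      retries:
                        description: The number of retries performed during the execution of provisioning activities.
                        type: integer
                        example: 1
                      approvalSet:
                        description: XML representation of approvals.
                        type: string
                        # NOTE(review): example looks truncated; the XML sample
                        # appears to be missing.
                        example: 'example: '
                      workflowSummary:
                        description: XML representation of the workflow summary.
                        type: string
                        # NOTE(review): example looks truncated; the XML sample
                        # appears to be missing.
                        example: 'example: ""'
                      input:
                        description: A list of input attributes of the Launched Workflow.
                        type: object
                        properties:
                          key:
                            description: The attribute key.
                            type: string
                            example: _workflowRef
                          value:
                            description: The attribute value.
                            type: string
                            example: UpdateIdentityWorkflow
                          type:
                            description: The attribute type.
                            type: string
                            example: string
                      output:
                        description: A list of output attributes of the Launched Workflow.
                        type: object
                        properties:
                          key:
                            description: The attribute key.
                            type: string
                            example: workflowSummary
                          value:
                            description: The attribute value.
                            type: string
                            example: '\n \n \n \n\n'
                          type:
                            description: The attribute type.
                            type: string
                            example: application/xml
                      targetClass:
                        description: Target Class of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: Permission
                      name:
                        description: Name of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: Update Account Group a2a
                      messages:
                        description: List of messages of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: array
                        items:
                          example:
                            - Task executed successfully.
                      attributes:
                        description: A list of attributes of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: array
                        items:
                          properties:
                            key:
                              description: The attribute key.
                              type: string
                              example: Workflow Summary
                            value:
                              description: The attribute value.
                              type: string
                              example: '\n \n \n \n\n'
                      id:
                        description: Unique identifier of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: 7f00000180281df7818028c03252085c
                      completionStatus:
                        type: string
                        description: Completion Status of the TaskResult. (From the TaskResult used to launch the Workflow).
                        enum:
                          - Success
                          - Warning
                          - Error
                          - Terminated
                          - TempError
                        example: Success
                      taskDefinition:
                        type: string
                        description: Name of the TaskDefinition of the TaskResult. (From the TaskResult used to launch the Workflow).
                        example: Workflow Launcher
                      terminated:
                        description: Flag to indicate this TaskResult is terminated. (From the TaskResult used to launch the Workflow).
                        type: boolean
                        example: true
                      launcher:
                        description: Launcher of the TaskResult. (From the TaskResult used to launch the Workflow).
                        type: string
                        example: spadmin
                      meta:
                        type: object
                        properties:
                          created:
                            description: DateTime when the TaskResult was created. (From the TaskResult used to launch the Workflow).
                            type: string
                            format: date-time
                            example: '2022-04-14T10:44:54.834-05:00'
                          location:
                            description: URL to the TaskResult. (From the TaskResult used to launch the Workflow).
                            type: string
                            example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
                          lastModified:
                            description: DateTime of TaskResult last modification. (From the TaskResult used to launch the Workflow).
                            type: string
                            format: date-time
                            example: '2022-04-05T15:52:30.119-05:00'
                          version:
                            description: TaskResult version. (From the TaskResult used to launch the Workflow).
                            type: string
                            example: '"W"1649951094834"'
                          resourceType:
                            description: Resource type of the metadata subject. (From the TaskResult used to launch the Workflow).
                            type: string
                            example: TaskResult
  # POST starts a workflow by name with caller-supplied input attributes (the
  # example names "LCM Manage Passwords" and passes a `plan` of type
  # application/xml).
  # NOTE(review): only '201' is documented. No response is described for a
  # rejected payload (400) or an unauthenticated/unauthorized caller (401/403),
  # so the authorization needed to launch a given workflow cannot be read from
  # this contract.
  post:
    operationId: launchWorkflow
    tags:
      - LaunchedWorkflows
    summary: Endpoint used to launch a Workflow.
    description: Endpoint to launch or execute a Workflow. A payload for the request is required and this can include inputs specific to the Workflow being launched.
    parameters:
      - in: query
        name: attributes
        schema:
          type: string
          example: input
        description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
      - in: query
        name: excludedAttributes
        schema:
          type: string
          example: workflowName
        description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
    requestBody:
      required: true
      content:
        application/scim+json:
          schema:
            properties:
              schemas:
                type: array
                description: Schemas related to Launched Workflows.
                items:
                  example:
                    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow'
                    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'
              workflowName:
                type: string
                description: Name of the Workflow to launch.
                example: LCM Manage Passwords
              input:
                type: array
                description: A list of input attributes of the Launched Workflow.
                items:
                  properties:
                    key:
                      type: string
                      description: The attribute key.
                      example: plan
                    value:
                      type: string
                      description: The attribute value.
                      # The example body is empty in this document.
                      # NOTE(review): per the sibling `type` example this
                      # string can carry XML, presumably parsed server-side;
                      # confirm how that input is validated.
                      example: |
                    type:
                      type: string
                      description: The attribute type.
                      example: application/xml
        # NOTE(review): wildcard request media type. Any Content-Type is
        # documented as acceptable for this state-changing call; confirm
        # whether the server accepts more than application/scim+json.
        '*/*':
          schema:
            properties:
              schemas:
                type: array
                description: Schemas related to Launched Workflows.
                items:
                  example:
                    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow'
                    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'
              workflowName:
                type: string
                description: Name of the Workflow to launch.
                example: LCM Manage Passwords
              input:
                type: array
                description: A list of input attributes of the Launched Workflow.
                items:
                  properties:
                    key:
                      type: string
                      description: The attribute key.
                      example: plan
                    value:
                      type: string
                      description: The attribute value.
                      # The example body is empty in this document.
                      example: |
                    type:
                      type: string
                      description: The attribute type.
                      example: application/xml
    responses:
      '201':
        description: Executes a workflow and returns the resulting LaunchedWorkflow. **LaunchedWorkflow responses include attributes from the TaskResult related to the Workflow execution.**
        content:
          application/json:
            schema:
              type: object
              description: Response example for a POST request to execute a Workflow.
              properties:
                targetName:
                  type: string
                  description: Target name of the TaskResult.
                  example: Ernest.Wagner
                verified:
                  type: string
                  format: date-time
                  description: The verified date of the TaskResult.
                  example: '2022-05-26T11:17:13.481-05:00'
                partitioned:
                  type: boolean
                  description: Flag to indicate if the TaskResult is partitioned.
                  example: false
                completed:
                  type: string
                  format: date-time
                  description: The completed date of the TaskResult.
                  example: '2022-05-26T11:17:13.678-05:00'
                type:
                  type: string
                  description: Type of the TaskResult.
                  example: LCM
                launched:
                  type: string
                  # Added for consistency with `verified` and `completed`
                  # here and with `launched` in the GET response.
                  format: date-time
                  description: The launched date of the TaskResult.
                pendingSignOffs:
                  type: integer
                  description: Number of pending signoffs of this TaskResult.
                  example: 0
                # NOTE(review): the extension object is assumed to end after
                # workflowCaseId; confirm where targetClass and the keys after
                # it belong.
                'urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow':
                  type: object
                  description: LaunchedWorkflow properties.
                  properties:
                    output:
                      type: array
                      items:
                        properties:
                          type:
                            type: string
                            description: The output attribute type.
                            example: application/int
                          value:
                            type: string
                            description: The output attribute value.
                            example: '0'
                          key:
                            type: string
                            description: The output attribute key.
                            example: workflowSummary
                    retries:
                      type: integer
                      description: The number of retries performed during the execution of provisioning activities.
                      example: 0
                    input:
                      type: array
                      items:
                        properties:
                          key:
                            type: string
                            description: The input attribute key.
                            example: optimisticProvisioning
                          value:
                            type: string
                            description: The input attribute value.
                            example: 'true'
                          type:
                            type: string
                            description: The input attribute type.
                            example: boolean
                    workflowSummary:
                      type: string
                      description: XML representation of the workflow summary.
                      # The example body is empty in this document.
                      example: |
                    workflowName:
                      type: string
                      description: Name of the workflow to launch.
                      example: LCM Manage Passwords.
                    identityRequestId:
                      type: string
                      description: Id representing the identity request.
                      example: '0000000004'
                    workflowCaseId:
                      type: string
                      description: Id representing the workflow case (a running instance of a workflow).
                      example: c0a8019c810011478181012862b81568
                targetClass:
                  type: string
                  description: Target class of the Task Result.
                  example: Identity
                meta:
                  description: Metadata for the LaunchedWorkflow TaskResult.
                  type: array
                  items:
                    properties:
                      created:
                        description: Datetime when the TaskResult for the LaunchedWorkflow was created.
                        type: string
                        format: date-time
                        example: '2022-03-31T14:52:40.245-05:00'
                      location:
                        description: URL to the TaskResult.
                        type: string
                        example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/c0a8019c810011478181012862b51567'
                      lastModified:
                        description: Datetime of LaunchedWorkflow TaskResult last modification
                        type: string
                        format: date-time
                        example: '2022-03-31T14:52:40.265-05:00'
                      version:
                        description: Version of the LaunchedWorkflow TaskResult.
                        type: string
                        example: '"W"1649951092552"'
                      resourceType:
                        description: Resource type of the metadata subject
                        type: string
                        example: LaunchedWorkflow
                schemas:
                  type: array
                  description: Schemas related to LaunchedWorkflow.
                  items:
                    example:
                      - 'urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow'
                      - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'
                name:
                  type: string
                  description: Name of the TaskResult for the Workflow launch.
                  example: LCM Manage Passwords - 2
                messages:
                  type: array
                  description: List of messages of the TaskResult.
                  items:
                    example:
                      - Connection error
                Attributes:
                  type: object
                  description: A list of attributes of the TaskResult.
                  properties:
                    key:
                      type: string
                      description: The attribute key.
                      example: retries
                    value:
                      type: string
                      description: The attribute value.
                      example: '0'
                id:
                  type: string
                  description: Id of the task result for the Workflow launch.
                  example: c0a8019c810011478181012862b51567
                completionStatus:
                  type: string
                  description: Completion Status of the TaskResult.
                  enum:
                    - Success
                    - Warning
                    - Error
                    - Terminated
                    - TempError
                  example: Success
                taskDefinition:
                  type: string
                  description: Name of the TaskDefinition of the TaskResult.
                  example: Workflow Launcher
                terminated:
                  type: boolean
                  description: Flag to indicate this TaskResult is terminated.
                  example: false
                launcher:
                  type: string
                  description: Launcher of the TaskResult.
                  example: spadmin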
'/LaunchedWorkflow/{launchedWorkflowId}':
get:
operationId: getLaunchedWorkflowById
tags:
- LaunchedWorkflows
summary: Returns a LaunchedWorkflow resource based on id.
description: |
The LaunchedWorkflow resource with matching id is returned.
Attributes to include in the response can be specified with the attributes query parameter.
Attributes to exclude from the response can be specified with the excludedAttributes query parameter.
The schema related to LaunchedWorkflow is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow**
parameters:
- name: launchedWorkflowId
in: path
schema:
type: string
example: c0a8019c802d1e5a81802eb2b57e020f
description: id of LaunchedWorkflow resource.
required: true
- in: query
name: attributes
schema:
type: string
example: expiration
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: names
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returns a single LaunchedWorkflow resource based on the id.
**LaunchedWorkflow responses include attributes from the TaskResult related to the Workflow execution.**
content:
application/json:
schema:
properties:
partitioned:
description: Flag to indicate this TaskResult is partitioned. (From the TaskResult used to launch the Workflow).
type: boolean
example: true
completed:
type: string
format: date-time
description: The completed DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
example: '2022-04-14T10:45:26.098-05:00'
type:
description: Type of the TaskResult. (From the TaskResult used to launch the Workflow).
type: string
example: Workflow
launched:
type: string
format: date-time
description: The launched DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
example: '2022-04-14T10:45:26.114-05:00'
pendingSignOffs:
description: The number of pending signoffs of this TaskResult. (From the TaskResult used to launch the Workflow).
type: integer
example: 2
workflowName:
description: Name of the Workflow to launch.
type: string
example: Update Account Group a2a
identityRequestId:
description: Id representing the identity request.
type: string
example: '0000000002'
workflowCaseId:
description: Id representing the workflow case (a running instance of a workflow).
type: string
example: 7f000001806719888180675c8f8a016a
workflowProcessId:
type: string
description: Id representing the workflow monitoring process log.
example: 7f000001806719888180675c8f8a0017b
retries:
description: The number of retries performed during the execution of provisioning activities.
type: integer
example: 1
approvalSet:
description: XML representation of approvals.
type: string
example: 'example: '
workflowSummary:
description: XML representation of the workflow summary.
type: string
example: 'example: ""'
input:
description: A list of input attributes of the Launched Workflow.
type: object
properties:
key:
description: The attribute key.
type: string
example: _caseName
value:
description: The attribute value.
type: string
example: WorkflowCaseRegistry
type:
description: The attribute type.
type: string
example: string
output:
description: A list of output attributes of the Launched Workflow.
type: object
properties:
key:
description: The attribute key.
type: string
example: workflowSummary
value:
description: The attribute value.
type: string
example: '\n \n \n \n\n'
type:
description: The attribute type.
type: string
example: application/xml
targetClass:
description: Target Class of the TaskResult. (From the TaskResult used to launch the Workflow).
type: string
example: Permission
name:
description: Name of the TaskResult. (From the TaskResult used to launch the Workflow).
type: string
example: Update Account Group a2a
messages:
description: List of messages of the TaskResult. (From the TaskResult used to launch the Workflow).
type: array
items:
example:
- Task executed successfully.
attributes:
description: A list of attributes of the TaskResult. (From the TaskResult used to launch the Workflow).
type: array
items:
properties:
key:
description: The attribute key.
type: string
example: Workflow Summary
value:
description: The attribute value.
type: string
example: '\n \n \n \n\n'
id:
description: Unique identifier of the TaskResult. (From the TaskResult used to launch the Workflow).
type: string
example: 7f00000180281df7818028c03252085c
completionStatus:
type: string
description: Completion Status of the TaskResult. (From the TaskResult used to launch the Workflow).
enum:
- Success
- Warning
- Error
- Terminated
- TempError
example: Success
taskDefinition:
type: string
description: Name of the TaskDefinition of the TaskResult. (From the TaskResult used to launch the Workflow).
example: Workflow Launcher
terminated:
description: Flag to indicate this TaskResult is terminated. (From the TaskResult used to launch the Workflow).
type: boolean
example: true
launcher:
description: Launcher of the TaskResult. (From the TaskResult used to launch the Workflow).
type: string
example: spadmin
meta:
type: object
properties:
created:
description: DateTime when the TaskResult was created. (From the TaskResult used to launch the Workflow).
type: string
format: date-time
example: '2022-04-14T10:44:54.834-05:00'
location:
description: URL to the TaskResult. (From the TaskResult used to launch the Workflow).
type: string
example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
lastModified:
description: DateTime of TaskResult last modification. (From the TaskResult used to launch the Workflow).
type: string
format: date-time
example: '2022-04-05T15:52:30.119-05:00'
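# Version tag of the TaskResult metadata.
version:
  description: TaskResult version. (From the TaskResult used to launch the Workflow).
  type: string
  # The previous example ('"W"1649951094834"') had a stray quote and no slash;
  # written here in the W/"..." form used by the PolicyViolation examples in this file.
  example: 'W/"1649951094834"'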
resourceType:
description: Resource type of the metadata subject. (From the TaskResult used to launch the Workflow).
type: string
example: TaskResult
/ObjectConfigs:
get:
operationId: getObjectConfigs
tags:
- ObjectConfig
summary: Returns all objects of type ObjectConfig.
description: |
This endpoint returns all ObjectConfig resources.
Attributes to include in the response can be specified with the attributes query parameter.
Attributes to exclude from the response can be specified with the excludedAttributes query parameter.
The schema related to ObjectConfig is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:ObjectConfig**.
parameters:
- in: query
name: filter
schema:
type: string
example: name eq "identity"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: lookupByName
schema:
type: boolean
default: false
example: true
description: (OPTIONAL) Set to true if the ObjectConfig name is passed instead of the ObjectConfig id.
- in: query
name: sortBy
schema:
type: string
example: name
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
default: ascending
example: descending
description: Determines what order to sort results in.
- in: query
name: startIndex
schema:
type: integer
example: 10
default: 1
description: Determines the starting index of the result set.
- in: query
name: count
schema:
type: integer
example: 10
default: 1000
description: Specifies the number of results per page.
- in: query
name: attributes
schema:
type: string
example: name
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'name, objectAttributes'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returned all SCIM resources for this endpoint.
content:
application/json:
schema:
properties:
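# Count field of the ObjectConfig list response (application/json).
totalResults:
  description: Number of resources returned for this endpoint
  type: integer
  # The example was the string '1,' (trailing comma), which does not match
  # `type: integer`; it is now an integer literal.
  example: 1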
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: Unique identifier of the ObjectConfig.
type: string
example: c0a8019c7fe11678817fe18984351477
name:
description: Name of the ObjectConfig.
type: string
example: Link
objectAttributes:
description: A list of attributes of the ObjectConfig.
type: array
items:
properties:
name:
description: The object attribute name.
type: string
example: inactive
displayName:
description: The display name of the object attribute.
type: string
example: attr_demoInactive
type:
description: The type of the object attribute.
type: string
example: boolean
multi:
description: A Boolean value indicating this is a multi-valued attribute.
type: boolean
example: false
defaultValue:
description: The default value of the object attribute.
type: string
example: 'false'
system:
description: A Boolean value indicating this is a system attribute that does not have a source and is not configurable.
type: boolean
example: true
standard:
description: 'A Boolean value indicating this is a standard attribute (i.e. manager, email, firstname, lastname).'
type: boolean
example: false
extendedNumber:
description: Integer value of the extended attribute column number in the database schema.
type: integer
example: 1
namedColumn:
description: A Boolean value indicating this attribute has a named column in the database schema.
type: boolean
example: false
ruleName:
description: Rule used to derive the value. Usually specified when there are no attributeSources defined.
type: string
example: lastLoginToDateRule
groupFactory:
description: A Boolean value indicating this attribute can be used in a group factory. Identity attributes only.
type: boolean
example: true
editMode:
description: Enumeration indicating whether this attribute allows modification.
type: string
enum:
- READONLY
- PERMANENT
- UNTILFEEDVALUECHANGES
example: READONLY
attributeSources:
description: Sources of values for this attribute. Identity attributes only.
type: array
items:
properties:
name:
description: The name of the attribute on the application.
type: string
example: app1_inactive
key:
description: Derived identifier for this source.
type: string
example: 'Active_Directory:app1_inactive'
instance:
description: Optional instance name for template applications.
type: string
example: test-environment
ruleName:
description: Rule used to derive the value.
type: string
example: attributeSource-aws-S3-rule
attributeTargets:
description: Targets of this attribute that should receive the value upon attribute synchronization. Identity attributes only.
type: array
items:
properties:
name:
description: The name of the attribute on the application.
type: string
example: app2_active
key:
description: Derived identifier for this target.
type: string
example: 'Composite_ERP_Global_Platform:app2_inactive'
instance:
description: Optional instance name for template applications.
type: string
example: continuous-integration-environment1
ruleName:
description: Rule used to derive the value.
type: string
example: attributeTarget-aws-S3-rule
provisionAllAccount:
description: Return whether to provision all accounts if an identity has multiple accounts on the target application. Identity attributes only.
type: boolean
example: false
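# Metadata block of each ObjectConfig entry in the list response (application/json).
meta:
  description: Metadata for the ObjectConfig
  # NOTE(review): declared as an array here, while the PolicyViolation schemas
  # in this file model `meta` as a single object with direct properties.
  # Confirm against an actual response before relying on this shape.
  type: array
  items:
    properties:
      created:
        description: Datetime when the ObjectConfig was created
        type: string
        example: '2022-03-31T14:52:40.245-05:00'
      location:
        description: URL to the ObjectConfig
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/ObjectConfig/7f00000180281df7818028be62ef00e9'
      lastModified:
        description: Datetime of ObjectConfig last modification
        type: string
        example: '2022-03-31T14:52:40.265-05:00'
      version:
        description: ObjectConfig version
        type: string
        # The previous example ('"W"1649951092552"') had a stray quote and no slash;
        # written here in the W/"..." form used by the PolicyViolation examples in this file.
        example: 'W/"1649951092552"'
      resourceType:
        description: Resource type of the metadata subject
        type: string
        example: ObjectConfig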
application/scim+json:
schema:
properties:
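# Count field of the ObjectConfig list response (application/scim+json).
totalResults:
  description: Number of ObjectConfig resources returned.
  type: integer
  # The example was the string '1500,' (trailing comma), which does not match
  # `type: integer`; it is now an integer literal.
  example: 1500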
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: Unique identifier of the ObjectConfig.
type: string
example: c0a8019c7fe11678817fe18984351477
name:
description: Name of the ObjectConfig.
type: string
example: Link
objectAttributes:
description: A list of attributes of the ObjectConfig.
type: array
items:
properties:
name:
description: The object attribute name.
type: string
example: inactive
displayName:
description: The display name of the object attribute.
type: string
example: attr_demoInactive
type:
description: The type of the object attribute.
type: string
example: boolean
multi:
description: A Boolean value indicating this is a multi-valued attribute.
type: boolean
example: false
defaultValue:
description: The default value of the object attribute.
type: string
example: 'false'
system:
description: A Boolean value indicating this is a system attribute that does not have a source and is not configurable.
type: boolean
example: true
standard:
description: 'A Boolean value indicating this is a standard attribute (i.e. manager, email, firstname, lastname).'
type: boolean
example: false
extendedNumber:
description: Integer value of the extended attribute column number in the database schema.
type: integer
example: 1
namedColumn:
description: A Boolean value indicating this attribute has a named column in the database schema.
type: boolean
example: false
ruleName:
description: Rule used to derive the value. Usually specified when there are no attributeSources defined.
type: string
example: lastLoginToDateRule
groupFactory:
description: A Boolean value indicating this attribute can be used in a group factory. Identity attributes only.
type: boolean
example: true
editMode:
description: Enumeration indicating whether this attribute allows modification.
type: string
enum:
- READONLY
- PERMANENT
- UNTILFEEDVALUECHANGES
example: READONLY
attributeSources:
description: Sources of values for this attribute. Identity attributes only.
type: array
items:
properties:
name:
description: The name of the attribute on the application.
type: string
example: app1_inactive
key:
description: Derived identifier for this source.
type: string
example: 'Active_Directory:app1_inactive'
instance:
description: Optional instance name for template applications.
type: string
example: test-environment
ruleName:
description: Rule used to derive the value.
type: string
example: attributeSource-aws-S3-rule
attributeTargets:
description: Targets of this attribute that should receive the value upon attribute synchronization. Identity attributes only.
type: array
items:
properties:
name:
description: The name of the attribute on the application.
type: string
example: app2_active
key:
description: Derived identifier for this target.
type: string
example: 'Composite_ERP_Global_Platform:app2_inactive'
instance:
description: Optional instance name for template applications.
type: string
example: continuous-integration-environment1
ruleName:
description: Rule used to derive the value.
type: string
example: attributeTarget-aws-S3-rule
provisionAllAccount:
description: Return whether to provision all accounts if an identity has multiple accounts on the target application. Identity attributes only.
type: boolean
example: false
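# Metadata block of each ObjectConfig entry in the list response (application/scim+json).
meta:
  description: Metadata for the ObjectConfig
  # NOTE(review): declared as an array here, while the PolicyViolation schemas
  # in this file model `meta` as a single object with direct properties.
  # Confirm against an actual response before relying on this shape.
  type: array
  items:
    properties:
      created:
        description: Datetime when the ObjectConfig was created
        type: string
        example: '2022-03-31T14:52:40.245-05:00'
      location:
        description: URL to the ObjectConfig
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/ObjectConfig/7f00000180281df7818028be62ef00e9'
      lastModified:
        description: Datetime of ObjectConfig last modification
        type: string
        example: '2022-03-31T14:52:40.265-05:00'
      version:
        description: ObjectConfig version
        type: string
        # The previous example ('"W"1649951092552"') had a stray quote and no slash;
        # written here in the W/"..." form used by the PolicyViolation examples in this file.
        example: 'W/"1649951092552"'
      resourceType:
        description: Resource type of the metadata subject
        type: string
        example: ObjectConfig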
'/ObjectConfig/{objectConfigId}':
get:
operationId: getObjectConfigById
tags:
- ObjectConfig
summary: Returns an ObjectConfig resource based on its name or id.
description: |
The ObjectConfig resource with matching name or id is returned.
Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schema related to ObjectConfig is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:ObjectConfig**
parameters:
- name: objectConfigId
in: path
schema:
type: string
example: 7f00000180281df7818028be62e500e8
description: id of ObjectConfig resource.
required: true
- in: query
name: attributes
schema:
type: string
example: objectAttributes
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: name
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returns a single ObjectConfig resource based on its name or id.
content:
application/json:
schema:
properties:
id:
description: Unique identifier of the ObjectConfig.
type: string
example: 7f00000180281df7818028be63aa00ef
name:
description: Name of the ObjectConfig.
type: string
example: Bundle
objectAttributes:
description: A list of attributes of the ObjectConfig.
type: array
items:
properties:
name:
description: The object attribute name.
type: string
example: StringAttr
displayName:
description: The display name of the object attribute.
type: string
example: attr_demoString
type:
description: The type of the object attribute.
type: string
example: string
multi:
description: A Boolean value indicating this is a multi-valued attribute.
type: boolean
example: false
defaultValue:
description: The default value of the object attribute.
type: string
example: None
system:
description: A Boolean value indicating this is a system attribute that does not have a source and is not configurable.
type: boolean
example: false
standard:
description: 'A Boolean value indicating this is a standard attribute (i.e. manager, email, firstname, lastname).'
type: boolean
example: false
extendedNumber:
description: Integer value of the extended attribute column number in the database schema.
type: integer
example: 2
namedColumn:
description: A Boolean value indicating this attribute has a named column in the database schema.
type: boolean
example: false
ruleName:
description: Rule used to derive the value. Usually specified when there are no attributeSources defined.
type: string
example: lastLoginToDate
groupFactory:
description: A Boolean value indicating this attribute can be used in a group factory. Identity attributes only.
type: boolean
example: true
editMode:
description: Enumeration indicating whether this attribute allows modification.
type: string
enum:
- READONLY
- PERMANENT
- UNTILFEEDVALUECHANGES
example: READONLY
attributeSources:
description: Sources of values for this attribute. Identity attributes only.
type: array
items:
properties:
name:
description: The name of the attribute on the application.
type: string
example: lastName
key:
description: Derived identifier for this source.
type: string
example: 'testInstancesApplication/inst2:lastName'
instance:
description: Optional instance name for template applications.
type: string
example: inst2
ruleName:
description: Rule used to derive the value.
type: string
example: Identity Attribute Rule - Type
attributeTargets:
description: Targets of this attribute that should receive the value upon attribute synchronization. Identity attributes only.
type: array
items:
properties:
name:
description: The name of the attribute on the application.
type: string
example: app2_active
key:
description: Derived identifier for this target.
type: string
example: 'Composite_ERP_Global_Platform:app2_inactive'
instance:
description: Optional instance name for template applications.
type: string
example: continuous-integration-environment1
ruleName:
description: Rule used to derive the value.
type: string
example: attributeTarget-aws-S3-rule
provisionAllAccount:
description: Return whether to provision all accounts if an identity has multiple accounts on the target application. Identity attributes only.
type: boolean
example: false
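# Metadata block of the single ObjectConfig response (application/json).
meta:
  description: Metadata for the ObjectConfig
  # NOTE(review): declared as an array here, while the PolicyViolation schemas
  # in this file model `meta` as a single object with direct properties.
  # Confirm against an actual response before relying on this shape.
  type: array
  items:
    properties:
      created:
        description: Datetime when the ObjectConfig was created
        type: string
        example: '2022-03-31T14:52:40.245-05:00'
      location:
        description: URL to the ObjectConfig
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/ObjectConfig/7f00000180281df7818028be62ef00e9'
      lastModified:
        description: Datetime of ObjectConfig last modification
        type: string
        example: '2022-03-31T14:52:40.265-05:00'
      version:
        description: ObjectConfig version
        type: string
        # The previous example ('"W"1649951092552"') had a stray quote and no slash;
        # written here in the W/"..." form used by the PolicyViolation examples in this file.
        example: 'W/"1649951092552"'
      resourceType:
        description: Resource type of the metadata subject
        type: string
        example: ObjectConfig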
/PolicyViolations:
get:
operationId: getPolicyViolations
tags:
- PolicyViolations
summary: Returns all PolicyViolation resources.
description: This endpoint returns all PolicyViolation resources.
parameters:
# Query parameter carrying a SCIM filter expression for the PolicyViolation list.
# NOTE(review): the filter travels in the request URL, so values it names
# (the example filters on a constraint name) can end up in proxy and server
# access logs. RFC 7644 Section 7.5.2 advises POST-based search when a filter
# carries sensitive values; confirm whether this deployment offers it.
- in: query
name: filter
schema:
type: string
example: constraintName eq "Mock Constraint"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: sortBy
schema:
type: string
example: constraintName
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
example: descending
default: ascending
description: Determines what order to sort results in.
- in: query
name: startIndex
schema:
type: integer
example: 2313
default: 1
description: Determines the starting index of the result set.
# Page-size query parameter; the schema declares a default of 1000 and no maximum.
# NOTE(review): nothing in this schema limits the page size a client may
# request. Confirm that the server enforces an upper bound of its own.
- in: query
name: count
schema:
type: integer
example: 10
default: 1000
description: Specifies the number of results per page.
- in: query
name: attributes
schema:
type: string
example: 'policyName,constraintName'
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'policyName,constraintName'
description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
responses:
'200':
description: Returns all PolicyViolation resources.
content:
application/json:
schema:
properties:
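# Count field of the PolicyViolation list response (application/json).
totalResults:
  description: Number of PolicyViolation resources returned
  type: integer
  # The example was the string '18,' (trailing comma), which does not match
  # `type: integer`; it is now an integer literal.
  example: 18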
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: IdentityIQ id of the PolicyViolation.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
policyName:
description: Name of the Policy this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
constraintName:
description: Name of the Constraint this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
identity:
description: The Identity (User) that caused the PolicyViolation.
type: object
properties:
displayName:
description: Display name of the Identity that caused the PolicyViolation.
type: string
example: Bob Smith
value:
description: The id of the Identity which caused the PolicyViolation.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Identity (User).
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
owner:
description: The User that owns the Policy.
type: object
properties:
displayName:
description: Display name of the Policy owner.
type: string
example: Bob Smith
value:
description: The id of the Policy owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Policy owner.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
description:
description: Description of the PolicyViolation.
type: string
example: Production and development systems should not be available to one person.
status:
description: 'Status of the PolicyViolation. This can be Open, Mitigated, Remediated, or Delegated.'
type: string
example: Open
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this Resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W/"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: PolicyViolation
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:PolicyViolation'
application/scim+json:
schema:
properties:
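# Count field of the PolicyViolation list response (application/scim+json).
totalResults:
  description: Number of PolicyViolation resources returned.
  type: integer
  # The example was the string '1500,' (trailing comma), which does not match
  # `type: integer`; it is now an integer literal.
  example: 1500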
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: IdentityIQ id of the PolicyViolation.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
policyName:
description: Name of the Policy this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
constraintName:
description: Name of the Constraint this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
identity:
description: The Identity (User) that caused the PolicyViolation.
type: object
properties:
displayName:
description: Display name of the Identity that caused the PolicyViolation.
type: string
example: Bob Smith
value:
description: The id of the Identity which caused the PolicyViolation.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Identity (User).
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
owner:
description: The User that owns the Policy.
type: object
properties:
displayName:
description: Display name of the Policy owner.
type: string
example: Bob Smith
value:
description: The id of the Policy owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Policy owner.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
description:
description: Description of the PolicyViolation.
type: string
example: Production and development systems should not be available to one person.
status:
description: 'Status of the PolicyViolation. This can be Open, Mitigated, Remediated, or Delegated.'
type: string
example: Open
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this Resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W/"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: PolicyViolation
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:PolicyViolation'
'/PolicyViolations/{policyViolationId}':
get:
operationId: getPolicyViolationById
tags:
- PolicyViolations
summary: Returns a PolicyViolation resource based on id.
description: The PolicyViolation resource with matching id is returned.
parameters:
- name: policyViolationId
in: path
schema:
type: string
description: The id of the PolicyViolation.
required: true
- in: query
name: attributes
schema:
type: string
example: 'policyName,constraintName'
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'policyName,constraintName'
description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
responses:
'200':
description: Returns a PolicyViolation resource based on the id.
content:
application/json:
schema:
properties:
id:
description: IdentityIQ id of the PolicyViolation.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
policyName:
description: Name of the Policy this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
constraintName:
description: Name of the Constraint this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
identity:
description: The Identity (User) that caused the PolicyViolation.
type: object
properties:
displayName:
description: Display name of the Identity that caused the PolicyViolation.
type: string
example: Bob Smith
value:
description: The id of the Identity which caused the PolicyViolation.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Identity (User).
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
owner:
description: The User that owns the Policy.
type: object
properties:
displayName:
description: Display name of the Policy owner.
type: string
example: Bob Smith
value:
description: The id of the Policy owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Policy owner.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
description:
description: Description of the PolicyViolation.
type: string
example: Production and development systems should not be available to one person.
status:
description: 'Status of the PolicyViolation. This can be Open, Mitigated, Remediated, or Delegated.'
type: string
example: Open
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this Resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W/"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: PolicyViolation
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:PolicyViolation'
application/scim+json:
schema:
properties:
id:
description: IdentityIQ id of the PolicyViolation.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
policyName:
description: Name of the Policy this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
constraintName:
description: Name of the Constraint this PolicyViolation is associated with.
type: string
example: Entitlement Policy with Details
identity:
description: The Identity (User) that caused the PolicyViolation.
type: object
properties:
displayName:
description: Display name of the Identity that caused the PolicyViolation.
type: string
example: Bob Smith
value:
description: The id of the Identity which caused the PolicyViolation.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Identity (User).
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
owner:
description: The User that owns the Policy.
type: object
properties:
displayName:
description: Display name of the Policy owner.
type: string
example: Bob Smith
value:
description: The id of the Policy owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the Policy owner.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
description:
description: Description of the PolicyViolation.
type: string
example: Production and development systems should not be available to one person.
status:
description: 'Status of the PolicyViolation. This can be Open, Mitigated, Remediated, or Delegated.'
type: string
example: Open
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this Resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W/"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: PolicyViolation
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:PolicyViolation'
/ResourceTypes:
get:
operationId: getResourceTypes
tags:
- ResourceTypes
summary: Returns all ResourceType resources.
description: 'All ResourceType resources are listed in the response. The common fields for each ResourceType entry are ''endpoint'', ''id'', ''name'', ''description'', ''schema'' and ''schemaExtensions''.'
responses:
'200':
description: Returns all ResourceType resources.
content:
application/json:
schema:
properties:
totalResults:
description: Number of ResourceType resources returned.
type: integer
example: 18
schemas:
description: The ResourceTypes type represented by URN used for this response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
type: object
properties:
id:
description: ID of the ResourceType.
type: string
example: User
name:
description: Name of the ResourceType.
type: string
example: User
endpoint:
description: The ResourceType's HTTP addressable endpoint relative to the Base URL.
type: string
example: /Applications
description:
description: Description of the ResourceType.
type: string
example: User Account.
schema:
description: The primary/base schema URI of the ResourceType.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
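schemaExtensions:
  description: A list of URIs of the ResourceType's schema extensions.
  type: array
  # Item shape is taken from the example entries below. The original gave
  # `items` no schema, which OpenAPI 3.0 requires for every array.
  items:
    type: object
    properties:
      schema:
        description: URN of the schema extension.
        type: string
      required:
        description: Whether the schema extension is required for the ResourceType.
        type: boolean
  example:
    - schema: 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
      required: true
    - schema: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
      required: true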
meta:
description: Metadata of the ResourceType.
type: object
properties:
location:
description: The location of the ResourceType.
type: string
example: 'http://localhost:8080/iiq/scim/v2/ResourceTypes/User'
resourceType:
description: The SCIM resource type.
type: string
example: ResourceType
schemas:
description: The schema for the ResourceType resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:core:2.0:ResourceType'
application/scim+json:
schema:
properties:
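totalResults:
  # This is the /ResourceTypes list response; the count is of ResourceType
  # resources, as in the application/json variant of the same response.
  description: Number of ResourceType resources returned.
  type: integer
  example: 18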
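schemas:
  # Wording aligned with the application/json variant of this /ResourceTypes
  # response; the example URN is the SCIM ListResponse message schema.
  description: The ResourceTypes type represented by URN used for this response.
  type: array
  items:
    type: string
  example:
    - 'urn:ietf:params:scim:api:messages:2.0:ListResponse'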
Resources:
type: array
items:
type: object
properties:
id:
description: ID of the ResourceType.
type: string
example: User
name:
description: Name of the ResourceType.
type: string
example: User
endpoint:
description: The ResourceType's HTTP addressable endpoint relative to the Base URL.
type: string
example: /Applications
description:
description: Description of the ResourceType.
type: string
example: User Account.
schema:
description: The primary/base schema URI of the ResourceType.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
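schemaExtensions:
  description: A list of URIs of the ResourceType's schema extensions.
  type: array
  # Item shape is taken from the example entries below. The original gave
  # `items` no schema, which OpenAPI 3.0 requires for every array.
  items:
    type: object
    properties:
      schema:
        description: URN of the schema extension.
        type: string
      required:
        description: Whether the schema extension is required for the ResourceType.
        type: boolean
  example:
    - schema: 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
      required: true
    - schema: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
      required: true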
meta:
description: Metadata of the ResourceType.
type: object
properties:
location:
description: The location of the ResourceType.
type: string
example: 'http://localhost:8080/iiq/scim/v2/ResourceTypes/User'
resourceType:
description: The SCIM resource type.
type: string
example: ResourceType
schemas:
description: The schema for the ResourceType resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:core:2.0:ResourceType'
'/ResourceTypes/{resourceTypeId}':
get:
operationId: getResourceTypeById
tags:
- ResourceTypes
summary: Returns a ResourceType resource based on ID.
description: 'The ResourceType with the matching ID is returned. The ID is the URN of the SCIM resource. The common fields for each ResourceType entry are ''endpoint'', ''id'', ''name'', ''description'', ''schema'' and ''schemaExtensions''.'
parameters:
- name: resourceTypeId
in: path
schema:
type: string
description: ID of ResourceType resource.
required: true
responses:
'200':
description: Returns a single ResourceType resource based on the ID.
content:
application/json:
schema:
type: object
properties:
id:
description: ID of the ResourceType.
type: string
example: User
name:
description: Name of the ResourceType.
type: string
example: User
endpoint:
description: The ResourceType's HTTP addressable endpoint relative to the Base URL.
type: string
example: /Applications
description:
description: Description of the ResourceType.
type: string
example: User Account.
schema:
description: The primary/base schema URI of the ResourceType.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
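schemaExtensions:
  description: A list of URIs of the ResourceType's schema extensions.
  type: array
  # Item shape is taken from the example entries below. The original gave
  # `items` no schema, which OpenAPI 3.0 requires for every array.
  items:
    type: object
    properties:
      schema:
        description: URN of the schema extension.
        type: string
      required:
        description: Whether the schema extension is required for the ResourceType.
        type: boolean
  example:
    - schema: 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
      required: true
    - schema: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
      required: true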
meta:
description: Metadata of the ResourceType.
type: object
properties:
location:
description: The location of the ResourceType.
type: string
example: 'http://localhost:8080/iiq/scim/v2/ResourceTypes/User'
resourceType:
description: The SCIM resource type.
type: string
example: ResourceType
schemas:
description: The schema for the ResourceType resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:core:2.0:ResourceType'
/Roles:
get:
operationId: getRoles
tags:
- Roles
summary: Returns all Role resources.
description: 'This endpoint returns all Role resources. Attributes to include in the response can be specified with the ''attributes'' query parameter. Attributes to exclude from the response can be specified with the ''excludedAttributes'' query parameter. The core schema is urn:ietf:params:scim:schemas:sailpoint:1.0:Role.'
parameters:
- in: query
name: filter
schema:
type: string
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.
**Example**: filter=name eq "Data Analyst"'
- in: query
name: sortBy
schema:
type: string
description: 'Allows sorting the results by a resource''s attributes.
**Example**: sortBy="name"'
- in: query
name: sortOrder
schema:
type: string
description: 'Determines what order to sort results in.
**Example**: sortOrder="descending"'
- in: query
name: startIndex
schema:
type: integer
description: 'Determines the starting index of the result set.
**Example**: startIndex=1100'
- in: query
name: count
schema:
type: integer
description: 'Specifies the number of results per page.
**Example**: count=10'
- in: query
name: attributes
schema:
type: string
description: 'The Role attributes to include in the response. The query parameter value is a comma-separated list of fields to be returned in the response for each Role.
**Example**: attributes=name,type,classifications
The attributes listed will be the only ones returned in the response, with the exception of id, schemas, and meta, which are always returned for a Role.'
- in: query
name: excludedAttributes
schema:
type: string
description: 'The Role attributes to exclude from the response. The query parameter value is a comma-separated list of fields to be excluded from the response for each Role.
**Example**: excludedAttributes=permits,requirements,inheritance
The attributes listed will be the only ones excluded from the response, with the exception of id, schemas, and meta, which are always returned for a Role.'
responses:
'200':
description: Returns all SCIM Role resources.
content:
application/json:
schema:
properties:
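totalResults:
  description: Number of Role resources returned.
  type: integer
  # The example must be an integer to match `type`; the original was the
  # quoted string '18,' with a stray trailing comma.
  example: 18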
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: IIQ ID of the Role.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
name:
description: Unique name for the Role. This name MUST be unique across the entire set of Roles.
type: string
example: ADDirect-Production Manager
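descriptions:
  description: A list of localized descriptions of the Role.
  type: array
  # Item shape follows the example entry below; OpenAPI 3.0 requires `items`
  # on every array schema.
  items:
    type: object
    properties:
      locale:
        description: Locale of the description.
        type: string
      value:
        description: Description text for that locale.
        type: string
  example:
    - locale: en_US
      value: 'Directs production operations and processes for a plant, division, or company. Plans and maintains production schedules. Manages facilities and equipment maintenance.'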
type:
description: The type of the Role.
type: object
example:
iiq: false
requirements: false
permits: false
displayName: IT
manualAssignment: false
name: it
autoAssignment: false
assignmentSelector: false
displayableName:
description: Displayable name of the Role.
type: string
example: Staging Test Engineer - IT
active:
description: Flag to indicate this Role is enabled or active.
type: boolean
example: true
activationDate:
description: The date the Role will turn from inactive/disabled to active/enabled.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
deactivationDate:
description: The date the Role will turn from active/enabled to inactive/disabled.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
owner:
description: The owner of the Role.
type: object
properties:
displayName:
description: Display name of the Role owner.
type: string
example: Lori Ferguson
value:
description: ID of the Role owner.
type: string
example: ac1301737f901991817f90d9eb050372
$ref:
description: URI reference of the Role owner resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/ac1301737f901991817f90d9eb050372'
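inheritance:
  description: Parent Roles this role inherits from.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the parent Role.
        type: string
        example: Finance & Accounting
      value:
        description: ID of the parent Role.
        type: string
        example: ac1301737f901991817f90d9f054041c
      $ref:
        description: URI reference of the parent Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9f054041c'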
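requirements:
  description: Roles this role requires. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are required to support a business role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the required Role.
        type: string
        example: Accounting General Access - IT
      value:
        description: ID of the required Role.
        type: string
        example: ac1301737f901991817f90d9ed110387
      $ref:
        description: URI reference of the required Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed110387'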
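permits:
  description: Roles this role permits. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are allowed to support a business role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the permitted Role.
        type: string
        example: Accounts Payable Access - IT
      value:
        description: ID of the permitted Role.
        type: string
        example: ac1301737f901991817f90d9ed170388
      $ref:
        description: URI reference of the permitted Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed170388'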
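classifications:
  description: Classifications of this Role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      source:
        description: The source of the ObjectClassification.
        type: string
      effective:
        description: Flag indicating this is an effective Classification.
        type: boolean
      classification:
        description: Classification of this Object.
        type: object
        properties:
          name:
            description: The name of the Classification.
            type: string
          displayName:
            description: The displayName of the Classification.
            type: string
          origin:
            description: The origin of the Classification.
            type: string
          type:
            description: The type of the Classification. This can be used to group Classifications in/across different origins.
            type: string
  example:
    - effective: false
      source: UI
      classification:
        displayName: Special2
        origin: JDBCDirectDemoData
        name: Special2
    - effective: false
      source: UI
      classification:
        displayName: Special7
        origin: JDBCDirectDemoData
        name: Special7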
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this Role was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the SCIM resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the Role was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
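version:
  description: The version of the SCIM resource.
  type: string
  # Single-quoted so the value is exactly W/"..."; in a plain scalar the
  # backslashes of the original would be kept as literal characters.
  example: 'W/"1644561244074"'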
resourceType:
description: The SCIM resource type.
type: string
example: Role
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Role'
application/scim+json:
schema:
properties:
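totalResults:
  description: Number of Role resources returned.
  type: integer
  # The example must be an integer to match `type`; the original was the
  # quoted string '1500,' with a stray trailing comma.
  example: 1500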
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: IIQ ID of the Role.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
name:
description: Unique name for the Role. This name MUST be unique across the entire set of Roles.
type: string
example: ADDirect-Production Manager
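descriptions:
  description: A list of localized descriptions of the Role.
  type: array
  # Item shape follows the example entry below; OpenAPI 3.0 requires `items`
  # on every array schema.
  items:
    type: object
    properties:
      locale:
        description: Locale of the description.
        type: string
      value:
        description: Description text for that locale.
        type: string
  example:
    - locale: en_US
      value: 'Directs production operations and processes for a plant, division, or company. Plans and maintains production schedules. Manages facilities and equipment maintenance.'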
type:
description: The type of the Role.
type: object
example:
iiq: false
requirements: false
permits: false
displayName: IT
manualAssignment: false
name: it
autoAssignment: false
assignmentSelector: false
displayableName:
description: Displayable name of the Role.
type: string
example: Staging Test Engineer - IT
active:
description: Flag to indicate this Role is enabled or active.
type: boolean
example: true
activationDate:
description: The date the Role will turn from inactive/disabled to active/enabled.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
deactivationDate:
description: The date the Role will turn from active/enabled to inactive/disabled.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
owner:
description: The owner of the Role.
type: object
properties:
displayName:
description: Display name of the Role owner.
type: string
example: Lori Ferguson
value:
description: ID of the Role owner.
type: string
example: ac1301737f901991817f90d9eb050372
$ref:
description: URI reference of the Role owner resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/ac1301737f901991817f90d9eb050372'
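inheritance:
  description: Parent Roles this role inherits from.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the parent Role.
        type: string
        example: Finance & Accounting
      value:
        description: ID of the parent Role.
        type: string
        example: ac1301737f901991817f90d9f054041c
      $ref:
        description: URI reference of the parent Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9f054041c'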
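requirements:
  description: Roles this role requires. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are required to support a business role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the required Role.
        type: string
        example: Accounting General Access - IT
      value:
        description: ID of the required Role.
        type: string
        example: ac1301737f901991817f90d9ed110387
      $ref:
        description: URI reference of the required Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed110387'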
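permits:
  description: Roles this role permits. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are allowed to support a business role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the permitted Role.
        type: string
        example: Accounts Payable Access - IT
      value:
        description: ID of the permitted Role.
        type: string
        example: ac1301737f901991817f90d9ed170388
      $ref:
        description: URI reference of the permitted Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed170388'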
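classifications:
  description: Classifications of this Role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      source:
        description: The source of the ObjectClassification.
        type: string
      effective:
        description: Flag indicating this is an effective Classification.
        type: boolean
      classification:
        description: Classification of this Object.
        type: object
        properties:
          name:
            description: The name of the Classification.
            type: string
          displayName:
            description: The displayName of the Classification.
            type: string
          origin:
            description: The origin of the Classification.
            type: string
          type:
            description: The type of the Classification. This can be used to group Classifications in/across different origins.
            type: string
  example:
    - effective: false
      source: UI
      classification:
        displayName: Special2
        origin: JDBCDirectDemoData
        name: Special2
    - effective: false
      source: UI
      classification:
        displayName: Special7
        origin: JDBCDirectDemoData
        name: Special7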
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this Role was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the SCIM resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the Role was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
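version:
  description: The version of the SCIM resource.
  type: string
  # Single-quoted so the value is exactly W/"..."; in a plain scalar the
  # backslashes of the original would be kept as literal characters.
  example: 'W/"1644561244074"'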
resourceType:
description: The SCIM resource type.
type: string
example: Role
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Role'
'/Roles/{roleId}':
get:
operationId: getRole
tags:
- Roles
summary: Returns a Role resource based on ID or name.
description: 'The Role resource with matching ID or name is returned. Attributes to include in the response can be specified with the ''attributes'' query parameter. Attributes to exclude from the response can be specified with the ''excludedAttributes'' query parameter. The core schema is urn:ietf:params:scim:schemas:sailpoint:1.0:Role.'
parameters:
- name: roleId
in: path
schema:
type: string
description: ID or name of Role resource.
required: true
- in: query
name: lookupByName
schema:
type: boolean
description: 'A boolean value that determines if the Role resource will be looked up by name instead of Id (value in path parameter ''roleId''). Setting this query parameter to true will cause the value pulled from the ''roleId'' path parameter to be treated as a name when searching for the resource.
**Example**: scim/v2/Roles/**Data Analyst**?**lookupByName=true**'
- in: query
name: attributes
schema:
type: string
description: 'The Role attributes to include in the response. The query parameter value is a comma-separated list of fields to be returned in the response for each Role.
**Example**: attributes=name,type
The attributes listed will be the only ones returned in the response, with the exception of id, schemas, and meta, which are always returned for a Role.'
- in: query
name: excludedAttributes
schema:
type: string
description: 'The Role attributes to exclude from the response. The query parameter value is a comma-separated list of fields to be excluded from the response for each Role.
**Example**: excludedAttributes=permits,requirements
The attributes listed will be the only ones excluded from the response, with the exception of id, schemas, and meta, which are always returned for a Role.'
responses:
'200':
description: Returns a single Role resource based on the ID.
content:
application/json:
schema:
properties:
id:
description: IIQ ID of the Role.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
name:
description: Unique name for the Role. This name MUST be unique across the entire set of Roles.
type: string
example: ADDirect-Production Manager
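descriptions:
  description: A list of localized descriptions of the Role.
  type: array
  # Item shape follows the example entry below; OpenAPI 3.0 requires `items`
  # on every array schema.
  items:
    type: object
    properties:
      locale:
        description: Locale of the description.
        type: string
      value:
        description: Description text for that locale.
        type: string
  example:
    - locale: en_US
      value: 'Directs production operations and processes for a plant, division, or company. Plans and maintains production schedules. Manages facilities and equipment maintenance.'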
type:
description: The type of the Role.
type: object
example:
iiq: false
requirements: false
permits: false
displayName: IT
manualAssignment: false
name: it
autoAssignment: false
assignmentSelector: false
displayableName:
description: Displayable name of the Role.
type: string
example: Staging Test Engineer - IT
active:
description: Flag to indicate this Role is enabled or active.
type: boolean
example: true
activationDate:
description: The date the Role will turn from inactive/disabled to active/enabled.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
deactivationDate:
description: The date the Role will turn from active/enabled to inactive/disabled.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
owner:
description: The owner of the Role.
type: object
properties:
displayName:
description: Display name of the Role owner.
type: string
example: Lori Ferguson
value:
description: ID of the Role owner.
type: string
example: ac1301737f901991817f90d9eb050372
$ref:
description: URI reference of the Role owner resource.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Users/ac1301737f901991817f90d9eb050372'
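inheritance:
  description: Parent Roles this role inherits from.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the parent Role.
        type: string
        example: Finance & Accounting
      value:
        description: ID of the parent Role.
        type: string
        example: ac1301737f901991817f90d9f054041c
      $ref:
        description: URI reference of the parent Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9f054041c'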
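requirements:
  description: Roles this role requires. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are required to support a business role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the required Role.
        type: string
        example: Accounting General Access - IT
      value:
        description: ID of the required Role.
        type: string
        example: ac1301737f901991817f90d9ed110387
      $ref:
        description: URI reference of the required Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed110387'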
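permits:
  description: Roles this role permits. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are allowed to support a business role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      displayName:
        description: Display name of the permitted Role.
        type: string
        example: Accounts Payable Access - IT
      value:
        description: ID of the permitted Role.
        type: string
        example: ac1301737f901991817f90d9ed170388
      $ref:
        description: URI reference of the permitted Role resource.
        type: string
        example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed170388'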
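classifications:
  description: Classifications of this Role.
  type: array
  # Per-entry fields belong under `items`: `properties` only constrains
  # object values, so placed directly on an array it describes nothing.
  items:
    type: object
    properties:
      source:
        description: The source of the ObjectClassification.
        type: string
      effective:
        description: Flag indicating this is an effective Classification.
        type: boolean
      classification:
        description: Classification of this Object.
        type: object
        properties:
          name:
            description: The name of the Classification.
            type: string
          displayName:
            description: The displayName of the Classification.
            type: string
          origin:
            description: The origin of the Classification.
            type: string
          type:
            description: The type of the Classification. This can be used to group Classifications in/across different origins.
            type: string
  example:
    - effective: false
      source: UI
      classification:
        displayName: Special2
        origin: JDBCDirectDemoData
        name: Special2
    - effective: false
      source: UI
      classification:
        displayName: Special7
        origin: JDBCDirectDemoData
        name: Special7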
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this Role was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the SCIM resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the Role was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
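version:
  description: The version of the SCIM resource.
  type: string
  # Single-quoted so the value is exactly W/"..."; in a plain scalar the
  # backslashes of the original would be kept as literal characters.
  example: 'W/"1644561244074"'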
resourceType:
description: The SCIM resource type.
type: string
example: Role
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Role'
/Schemas:
get:
operationId: getSchemas
tags:
- Schemas
summary: Returns all Schema resources.
description: All Schema resources are listed in the response. The 'attributes' field holds the schema-specific attributes which differ depending on Schema type.
responses:
'200':
description: Returns all Schema resources.
content:
application/json:
schema:
properties:
totalResults:
description: Number of Schemas returned.
type: integer
example: 18
schemas:
description: The Schema type used for this response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
type: object
properties:
id:
description: The id of the Schema. The id is the SCIM URN of the Schema.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
name:
description: Name of the Schema.
type: string
example: User
description:
description: Description of the Schema.
type: string
example: Schema for a SCIM User.
attributes:
description: Attributes used to describe this Schema.
type: array
items:
properties:
uniqueness:
description: 'Determines whether there can be other Schema resources with the same value for this attribute. ''none'' means there is no concern for uniqueness, ''server'' means the uniqueness of this attribute should be guaranteed for this type of resource, and ''global'' means the uniqueness should be guaranteed across all resources.'
type: string
example: none
name:
description: Name of the attribute.
type: string
example: displayName
description:
description: Description of the attribute.
type: string
example: Display name of the User.
mutability:
description: 'Indicates the ability to change this attribute. Possible values are ''readOnly'', ''readWrite'', and ''writeOnly''.'
type: string
example: readOnly
type:
description: 'Defined as ''simple'' or ''complex'', where simple indicates attribute values stored as strings, integers, etc., and complex indicates object-based values.'
type: string
example: string
multiValued:
description: Describes whether this attribute is allowed multiple values.
type: boolean
example: false
caseExact:
description: True if attribute value is case-sensitive; false otherwise.
type: boolean
example: false
returned:
description: 'Dictates whether the attribute should be returned in a SCIM response body. Can be ''always'', ''default'', ''request'', or ''never''.'
type: string
example: default
required:
description: True if this attribute is required for this Schema; false otherwise.
type: boolean
example: false
canonicalValues:
description: List of canonical values that could be used to supplement attribute.
type: array
items:
type: string
example:
- httpbasic
- httpdigest
- oauth
subAttributes:
description: 'Only required if ''complex'' is specified for ''type''. If this attribute is of ''complex'' type, an array of objects can be stored in ''subAttributes'' with attributes relevant to the respective Schema.'
type: array
items:
additionalProperties:
anyOf:
- type: object
meta:
description: Metadata of the Schema.
type: object
properties:
location:
description: The location of the Schema.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Schemas/7f0123417e941b00007f9db3702906cb'
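version:
  description: The version of the Schema.
  type: string
  # Quoted so the double quotes stay part of the string.
  # NOTE(review): the original example read W"1647617443639" (no slash); the
  # weak-validator form W/"..." used by other meta.version examples in this
  # file is assumed here - confirm against real server output.
  example: 'W/"1647617443639"'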
resourceType:
description: The SCIM resource type.
type: string
example: Schema
schemas:
description: The schema for the Schema resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:core:2.0:Schema'
application/scim+json:
schema:
properties:
totalResults:
description: Number of Schemas returned.
type: integer
example: 18
schemas:
description: The Schema type used for this response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
type: object
properties:
id:
description: The id of the Schema. The id is the SCIM URN of the Schema.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
name:
description: Name of the Schema.
type: string
example: User
description:
description: Description of the Schema.
type: string
example: Schema for a SCIM User.
attributes:
description: Attributes used to describe this Schema.
type: array
items:
properties:
uniqueness:
description: 'Determines whether there can be other Schema resources with the same value for this attribute. ''none'' means there is no concern for uniqueness, ''server'' means the uniqueness of this attribute should be guaranteed for this type of resource, and ''global'' means the uniqueness should be guaranteed across all resources.'
type: string
example: none
name:
description: Name of the attribute.
type: string
example: displayName
description:
description: Description of the attribute.
type: string
example: Display name of the User.
mutability:
description: 'Indicates the ability to change this attribute. Possible values are ''readOnly'', ''readWrite'', and ''writeOnly''.'
type: string
example: readOnly
type:
description: 'Defined as ''simple'' or ''complex'', where simple indicates attribute values stored as strings, integers, etc., and complex indicates object-based values.'
type: string
example: string
multiValued:
description: Describes whether this attribute is allowed multiple values.
type: boolean
example: false
caseExact:
description: True if attribute value is case-sensitive; false otherwise.
type: boolean
example: false
returned:
description: 'Dictates whether the attribute should be returned in a SCIM response body. Can be ''always'', ''default'', ''request'', or ''never''.'
type: string
example: default
required:
description: True if this attribute is required for this Schema; false otherwise.
type: boolean
example: false
canonicalValues:
description: List of canonical values that could be used to supplement attribute.
type: array
items:
type: string
example:
- httpbasic
- httpdigest
- oauth
subAttributes:
description: 'Only required if ''complex'' is specified for ''type''. If this attribute is of ''complex'' type, an array of objects can be stored in ''subAttributes'' with attributes relevant to the respective Schema.'
type: array
items:
additionalProperties:
anyOf:
- type: object
meta:
description: Metadata of the Schema.
type: object
properties:
location:
description: The location of the Schema.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Schemas/7f0123417e941b00007f9db3702906cb'
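version:
  description: The version of the Schema.
  type: string
  # Quoted so the double quotes stay part of the string.
  # NOTE(review): the original example read W"1647617443639" (no slash); the
  # weak-validator form W/"..." used by other meta.version examples in this
  # file is assumed here - confirm against real server output.
  example: 'W/"1647617443639"'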
resourceType:
description: The SCIM resource type.
type: string
example: Schema
schemas:
description: The schema for the Schema resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:core:2.0:Schema'
'/Schemas/{schemaId}':
get:
operationId: getSchemaById
tags:
- Schemas
summary: Returns a Schema based on id.
description: The Schema with the matching id is returned. The id is the URN of the SCIM resource. The 'attributes' field holds the schema-specific attributes which differ depending on Schema type.
parameters:
- name: schemaId
in: path
schema:
type: string
description: The id of the Schema.
required: true
responses:
'200':
description: Returns a single Schema based on the id.
content:
application/json:
schema:
type: object
properties:
id:
description: The id of the Schema. The id is the SCIM URN of the Schema.
type: string
example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
name:
description: Name of the Schema.
type: string
example: User
description:
description: Description of the Schema.
type: string
example: Schema for a SCIM User.
attributes:
description: Attributes used to describe this Schema.
type: array
items:
properties:
uniqueness:
description: 'Determines whether there can be other Schema resources with the same value for this attribute. ''none'' means there is no concern for uniqueness, ''server'' means the uniqueness of this attribute should be guaranteed for this type of resource, and ''global'' means the uniqueness should be guaranteed across all resources.'
type: string
example: none
name:
description: Name of the attribute.
type: string
example: displayName
description:
description: Description of the attribute.
type: string
example: Display name of the User.
mutability:
description: 'Indicates the ability to change this attribute. Possible values are ''readOnly'', ''readWrite'', and ''writeOnly''.'
type: string
example: readOnly
type:
description: 'Defined as ''simple'' or ''complex'', where simple indicates attribute values stored as strings, integers, etc., and complex indicates object-based values.'
type: string
example: string
multiValued:
description: Describes whether this attribute is allowed multiple values.
type: boolean
example: false
caseExact:
description: True if attribute value is case-sensitive; false otherwise.
type: boolean
example: false
returned:
description: 'Dictates whether the attribute should be returned in a SCIM response body. Can be ''always'', ''default'', ''request'', or ''never''.'
type: string
example: default
required:
description: True if this attribute is required for this Schema; false otherwise.
type: boolean
example: false
canonicalValues:
description: List of canonical values that could be used to supplement attribute.
type: array
items:
type: string
example:
- httpbasic
- httpdigest
- oauth
subAttributes:
description: 'Only required if ''complex'' is specified for ''type''. If this attribute is of ''complex'' type, an array of objects can be stored in ''subAttributes'' with attributes relevant to the respective Schema.'
type: array
items:
additionalProperties:
anyOf:
- type: object
meta:
description: Metadata of the Schema.
type: object
properties:
location:
description: The location of the Schema.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Schemas/7f0123417e941b00007f9db3702906cb'
version:
description: The version of the Schema.
type: string
example: W"1647617443639"
resourceType:
description: The SCIM resource type.
type: string
example: Schema
schemas:
description: The schema for the Schema resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:core:2.0:Schema'
/ServiceProviderConfig:
description: Schema for representing the service provider's configuration
get:
operationId: ServiceProviderConfigGet
tags:
- ServiceProviderConfig
summary: Returns all ServiceProviderConfig resources.
description: |
This endpoint returns all ServiceProviderConfig resources.
Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schema related to ServiceProviderConfig is:
- **urn:ietf:params:scim:schemas:sailpoint:2.0:ServiceProviderConfig**
responses:
'200':
description: Returned all SCIM resources for this endpoint.
content:
application/json:
schema:
properties:
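totalResults:
  description: Number of resources returned for this endpoint.
  type: integer
  # Unquoted integer so the example validates against the declared type.
  example: 1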
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
required:
- patch
- etag
- bulk
- filter
- changePassword
- sort
- authenticationSchemes
properties:
documentationUri:
description: An HTTP addressable URL pointing to the service provider's human consumable help documentation.
type: string
example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
patch:
description: A complex type that specifies PATCH configuration options.
type: object
required:
- supported
properties:
supported:
type: boolean
description: Boolean value specifying whether the operation is supported.
example: false
etag:
description: A complex type that specifies ETAG configuration options.
type: object
required:
- supported
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
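# Bulk-operation support flag plus the advertised limits on operation count
# and payload size.
bulk:
  description: A complex type that specifies BULK configuration options.
  type: object
  required:
    - supported
    - maxOperations
    - maxPayloadSize
  properties:
    supported:
      description: Boolean value specifying whether the operation is supported.
      type: boolean
      example: false
    maxOperations:
      description: An integer value specifying the maximum number of operations.
      type: integer
      example: 3
    maxPayloadSize:
      description: An integer value specifying the maximum payload size in bytes.
      type: integer
      example: 128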
filter:
description: A complex type that specifies FILTER options.
type: object
required:
- supported
- maxResults
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
example: true
maxResults:
description: Integer value specifying the maximum number of resources returned in a response.
type: integer
example: 10
changePassword:
description: A complex type that specifies change password options.
type: object
required:
- supported
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
example: false
sort:
description: A complex type that specifies sort result options.
type: object
required:
- supported
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
example: false
# Authentication schemes the service provider advertises to SCIM clients.
# NOTE(review): RFC 7643 defines authenticationSchemes as a multi-valued
# attribute, while this schema documents a single object - confirm against the
# actual response body.
authenticationSchemes:
description: A complex type that specifies supported Authentication Scheme properties.
type: object
required:
- name
- description
- type
properties:
name:
description: 'The common authentication scheme name; e.g., HTTP Basic.'
type: string
example: HTTP Basic
description:
description: A description of the authentication scheme.
type: string
example: Authentication Scheme using the Http Basic Standard.
specUri:
description: An HTTP addressable URL pointing to the Authentication Scheme's specification.
type: string
# RFC 2617 has been obsoleted by RFC 7616 (Digest) and RFC 7617 (Basic).
example: 'http://www.ietf.org/rfc/rfc2617.txt'
documentationUri:
description: An HTTP addressable URL pointing to the Authentication Scheme's usage documentation.
type: string
example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
type:
type: string
description: The authentication scheme.
# httpbasic credentials are only base64-encoded, so that scheme is only as
# strong as the transport; the example URLs in this document use plain http://,
# and a real deployment should advertise and serve this API over TLS.
enum:
- oauth
- oauth2
- oauthbearertoken
- httpbasic
- httpdigest
example: oauthbearertoken
meta:
type: object
properties:
location:
type: string
description: URL to ServiceProviderConfig resource.
example: 'http://localhost:8080/identityiq/scim/v2/ServiceProviderConfig'
resourceType:
type: string
description: Resource type of the metadata subject.
example: ServiceProviderConfig
application/scim+json:
schema:
properties:
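maxResults:
  description: Number of ServiceProviderConfig resources returned.
  type: integer
  # Unquoted integer so the example validates against the declared type.
  example: 1500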
supported:
type: boolean
example: true
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
required:
- patch
- etag
- bulk
- filter
- changePassword
- sort
- authenticationSchemes
properties:
documentationUri:
description: An HTTP addressable URL pointing to the service provider's human consumable help documentation.
type: string
example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
patch:
description: A complex type that specifies PATCH configuration options.
type: object
required:
- supported
properties:
supported:
type: boolean
description: Boolean value specifying whether the operation is supported.
example: false
etag:
description: A complex type that specifies ETAG configuration options.
type: object
required:
- supported
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
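# Bulk-operation support flag plus the advertised limits on operation count
# and payload size.
bulk:
  description: A complex type that specifies BULK configuration options.
  type: object
  required:
    - supported
    - maxOperations
    - maxPayloadSize
  properties:
    supported:
      description: Boolean value specifying whether the operation is supported.
      type: boolean
      example: false
    maxOperations:
      description: An integer value specifying the maximum number of operations.
      type: integer
      example: 3
    maxPayloadSize:
      description: An integer value specifying the maximum payload size in bytes.
      type: integer
      example: 128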
filter:
description: A complex type that specifies FILTER options.
type: object
required:
- supported
- maxResults
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
example: true
maxResults:
description: Integer value specifying the maximum number of resources returned in a response.
type: integer
example: 10
changePassword:
description: A complex type that specifies change password options.
type: object
required:
- supported
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
example: false
sort:
description: A complex type that specifies sort result options.
type: object
required:
- supported
properties:
supported:
description: Boolean value specifying whether the operation is supported.
type: boolean
example: false
# Authentication schemes the service provider advertises to SCIM clients.
# NOTE(review): RFC 7643 defines authenticationSchemes as a multi-valued
# attribute, while this schema documents a single object - confirm against the
# actual response body.
authenticationSchemes:
description: A complex type that specifies supported Authentication Scheme properties.
type: object
required:
- name
- description
- type
properties:
name:
description: 'The common authentication scheme name; e.g., HTTP Basic.'
type: string
example: HTTP Basic
description:
description: A description of the authentication scheme.
type: string
example: Authentication Scheme using the Http Basic Standard.
specUri:
description: An HTTP addressable URL pointing to the Authentication Scheme's specification.
type: string
# RFC 2617 has been obsoleted by RFC 7616 (Digest) and RFC 7617 (Basic).
example: 'http://www.ietf.org/rfc/rfc2617.txt'
documentationUri:
description: An HTTP addressable URL pointing to the Authentication Scheme's usage documentation.
type: string
example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
type:
type: string
description: The authentication scheme.
# httpbasic credentials are only base64-encoded, so that scheme is only as
# strong as the transport; the example URLs in this document use plain http://,
# and a real deployment should advertise and serve this API over TLS.
enum:
- oauth
- oauth2
- oauthbearertoken
- httpbasic
- httpdigest
example: oauthbearertoken
meta:
type: object
properties:
location:
type: string
description: URL to ServiceProviderConfig resource.
example: 'http://localhost:8080/identityiq/scim/v2/ServiceProviderConfig'
resourceType:
type: string
description: Resource type of the metadata subject.
example: ServiceProviderConfig
/TaskResults:
get:
operationId: TaskResultsGet
tags:
- TaskResults
summary: Returns all TaskResult resources.
description: |
This endpoint returns all TaskResult resources.
Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schema related to TaskResult is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult**
parameters:
- in: query
name: filter
schema:
type: string
example: name eq "AdminsAggTask"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: lookupByName
schema:
type: boolean
default: false
example: true
description: '**(OPTIONAL)** Set to true if the TaskResult name is passed instead of the TaskResult id.'
- in: query
name: sortBy
schema:
type: string
example: launched
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
default: ascending
example: descending
description: Determines what order to sort results in.
- in: query
name: startIndex
schema:
type: integer
example: 10
default: 1
description: Determines the starting index of the result set.
- in: query
name: count
schema:
type: integer
example: 5
default: 1000
description: Specifies the number of results per page.
- in: query
name: attributes
schema:
type: string
example: 'completionStatus, attributes'
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'taskDefinition, host'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returned all SCIM resources for this endpoint.
content:
application/json:
schema:
properties:
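totalResults:
  description: Number of resources returned for this endpoint.
  type: integer
  # Unquoted integer so the example validates against the declared type.
  example: 1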
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: Unique identifier of the TaskResult.
type: string
example: 7f00000180281df7818028c03252085c
name:
description: Name of the TaskResult.
type: string
example: Aggregate HR Authoritative
type:
description: Type of the TaskResult.
type: string
example: AccountAggregation
completionStatus:
type: string
description: Completion Status of the TaskResult.
enum:
- Success
- Warning
- Error
- Terminated
- TempError
example: Success
launcher:
description: Launcher of the TaskResult.
type: string
example: spadmin
host:
description: Host of the TaskResult.
type: string
example: centos-server.local
progress:
description: Progress of the TaskResult.
type: string
example: Launched 2 partitions.
targetClass:
description: Target Class of the TaskResult.
type: string
example: Permission
targetName:
description: Target Name of the Task Result.
type: string
example: PAM Credential Container
terminated:
description: Flag to indicate this TaskResult is terminated.
type: boolean
example: true
partitioned:
description: Flag to indicate this TaskResult is partitioned.
type: boolean
example: true
launched:
type: string
format: date-time
description: The launched DateTime of the TaskResult.
example: '2022-04-14T10:45:26.114-05:00'
completed:
type: string
format: date-time
description: The completed DateTime of the TaskResult.
example: '2022-04-14T10:45:26.098-05:00'
expiration:
type: string
format: date-time
description: The expiration DateTime of the TaskResult.
example: '2022-05-03T16:40:34.271-05:00'
verified:
type: string
format: date-time
description: The verification DateTime of the TaskResult.
example: '2022-05-03T16:40:34.271-05:00'
percentageComplete:
type: integer
description: The percentage completed of this TaskResult.
example: 55
pendingSignOffs:
description: The number of pending signoffs of this TaskResult.
type: integer
example: 2
taskDefinition:
type: string
description: Name of the TaskDefinition of the TaskResult.
example: Aggregate HR Authoritative
taskSchedule:
description: Name of the TaskSchedule of the TaskResult.
type: string
example: Perform maintenance
attributes:
description: A list of attributes of the TaskResult.
type: array
items:
properties:
key:
description: The attribute key.
type: string
example: total
value:
description: The attribute value.
type: string
example: '3'
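# Free-text task output. The sample below carries a server address, so treat
# this field as operational data and limit which API clients may read it
# (it can also be dropped per request via 'excludedAttributes').
messages:
  description: List of messages of the TaskResult.
  type: array
  # Element type inferred from the string example; `items` needs a schema.
  items:
    type: string
  example:
    - 'Unauthorized access to database in server: 192.100.1.25'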
meta:
type: object
properties:
created:
description: DateTime when the TaskResult was created.
type: string
format: date-time
example: '2022-04-14T10:44:54.834-05:00'
location:
description: URL to the TaskResult.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
lastModified:
description: DateTime of TaskResult last modification.
type: string
format: date-time
example: '2022-04-05T15:52:30.119-05:00'
version:
description: TaskResult version.
type: string
example: '"W"1649951094834"'
resourceType:
description: Resource type of the metadata subject.
type: string
example: TaskResult
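schemas:
  description: Schema URNs of the TaskResult resource.
  type: array
  # OpenAPI 3.0 requires `items` whenever `type` is `array`.
  items:
    type: string
  example:
    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'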
application/scim+json:
schema:
properties:
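totalResults:
  description: Number of TaskResult resources returned.
  type: integer
  # Unquoted integer so the example validates against the declared type.
  example: 1500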
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: Unique identifier of the TaskResult.
type: string
example: 7f00000180281df7818028c03252085c
name:
description: Name of the TaskResult.
type: string
example: Aggregate HR Authoritative
type:
description: Type of the TaskResult.
type: string
example: AccountAggregation
completionStatus:
type: string
description: Completion Status of the TaskResult.
enum:
- Success
- Warning
- Error
- Terminated
- TempError
example: Success
launcher:
description: Launcher of the TaskResult.
type: string
example: spadmin
host:
description: Host of the TaskResult.
type: string
example: centos-server.local
progress:
description: Progress of the TaskResult.
type: string
example: Launched 2 partitions.
targetClass:
description: Target Class of the TaskResult.
type: string
example: Permission
targetName:
description: Target Name of the Task Result.
type: string
example: PAM Credential Container
terminated:
description: Flag to indicate this TaskResult is terminated.
type: boolean
example: true
partitioned:
description: Flag to indicate this TaskResult is partitioned.
type: boolean
example: true
launched:
type: string
format: date-time
description: The launched DateTime of the TaskResult.
example: '2022-04-14T10:45:26.114-05:00'
completed:
type: string
format: date-time
description: The completed DateTime of the TaskResult.
example: '2022-04-14T10:45:26.098-05:00'
expiration:
type: string
format: date-time
description: The expiration DateTime of the TaskResult.
example: '2022-05-03T16:40:34.271-05:00'
verified:
type: string
format: date-time
description: The verification DateTime of the TaskResult.
example: '2022-05-03T16:40:34.271-05:00'
percentageComplete:
type: integer
description: The percentage completed of this TaskResult.
example: 55
pendingSignOffs:
description: The number of pending signoffs of this TaskResult.
type: integer
example: 2
taskDefinition:
type: string
description: Name of the TaskDefinition of the TaskResult.
example: Aggregate HR Authoritative
taskSchedule:
description: Name of the TaskSchedule of the TaskResult.
type: string
example: Perform maintenance
attributes:
description: A list of attributes of the TaskResult.
type: array
items:
properties:
key:
description: The attribute key.
type: string
example: total
value:
description: The attribute value.
type: string
example: '3'
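# Free-text task output. The sample below carries a server address, so treat
# this field as operational data and limit which API clients may read it
# (it can also be dropped per request via 'excludedAttributes').
messages:
  description: List of messages of the TaskResult.
  type: array
  # Element type inferred from the string example; `items` needs a schema.
  items:
    type: string
  example:
    - 'Unauthorized access to database in server: 192.100.1.25'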
meta:
type: object
properties:
created:
description: DateTime when the TaskResult was created.
type: string
format: date-time
example: '2022-04-14T10:44:54.834-05:00'
location:
description: URL to the TaskResult.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
lastModified:
description: DateTime of TaskResult last modification.
type: string
format: date-time
example: '2022-04-05T15:52:30.119-05:00'
version:
description: TaskResult version.
type: string
example: '"W"1649951094834"'
resourceType:
description: Resource type of the metadata subject.
type: string
example: TaskResult
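schemas:
  description: Schema URNs of the TaskResult resource.
  type: array
  # OpenAPI 3.0 requires `items` whenever `type` is `array`.
  items:
    type: string
  example:
    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'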
'/TaskResults/{taskResultId}':
get:
operationId: getTaskResultById
tags:
- TaskResults
summary: Returns a TaskResult resource based on id.
description: |
The TaskResult resource with matching id is returned.
Attributes to include in the response can be specified with the attributes query parameter.
Attributes to exclude from the response can be specified with the excludedAttributes query parameter.
The schema related to TaskResult is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult**
parameters:
- name: taskResultId
in: path
schema:
type: string
example: c0a8019c802d1e5a81802eb2b57e020f
description: id of TaskResult resource.
required: true
- in: query
name: attributes
schema:
type: string
example: host
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'name, messages'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returns a single TaskResult resource based on the id.
content:
application/json:
schema:
properties:
id:
description: Unique identifier of the TaskResult.
type: string
example: c0a8019c80761c398180856488d2051d
name:
description: Name of the TaskResult.
type: string
example: Aggregate Composite Application
type:
description: Type of the TaskResult.
type: string
example: AccountAggregation
completionStatus:
type: string
description: Completion Status of the TaskResult.
enum:
- Success
- Warning
- Error
- Terminated
- TempError
example: Success
launcher:
description: Launcher of the TaskResult.
type: string
example: james.smith
host:
description: Host of the TaskResult.
type: string
example: mandrake.testdomain.com
progress:
description: Progress of the TaskResult.
type: string
example: 3/5 tasks completed.
targetClass:
description: Target Class of the TaskResult.
type: string
example: Permission
targetName:
description: Target Name of the Task Result.
type: string
example: Adam.Kennedy
terminated:
description: Flag to indicate this TaskResult is terminated.
type: boolean
example: false
partitioned:
description: Flag to indicate this TaskResult is partitioned.
type: boolean
example: true
launched:
type: string
format: date-time
description: The launched DateTime of the TaskResult.
example: '2022-05-02T10:30:00.014-05:00'
completed:
type: string
format: date-time
description: The completed DateTime of the TaskResult.
example: '2022-05-02T10:30:00.035-05:00'
expiration:
type: string
format: date-time
description: The expiration DateTime of the TaskResult.
example: '2022-05-03T16:40:34.271-05:00'
verified:
type: string
format: date-time
description: The verification DateTime of the TaskResult.
example: '2022-05-03T16:40:34.271-05:00'
percentageComplete:
type: integer
description: The percentage completed of this TaskResult.
example: 30
pendingSignOffs:
description: The number of pending signoffs of this TaskResult.
type: integer
example: 0
taskDefinition:
type: string
description: Name of the TaskDefinition of the TaskResult.
example: Workflow Launcher
taskSchedule:
description: Name of the TaskSchedule of the TaskResult.
type: string
example: Perform Identity Request Maintenance
attributes:
description: A list of attributes of the TaskResult.
type: array
items:
properties:
key:
description: The attribute key.
type: string
example: inactiveWorkItemsForwarded
value:
description: The attribute value.
type: string
example: '0'
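# Free-text task output; treat it as operational data when deciding which API
# clients may read TaskResults.
messages:
  description: List of messages of the TaskResult.
  type: array
  # Element type inferred from the string example; `items` needs a schema.
  items:
    type: string
  example:
    - Partition 2 is pending.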
meta:
type: object
properties:
created:
description: DateTime when the TaskResult was created.
type: string
format: date-time
example: '2022-05-02T10:30:00.018-05:00'
location:
description: URL to the TaskResult.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/c0a8019c80761c398180856488d2051d'
lastModified:
description: DateTime of TaskResult last modification.
type: string
format: date-time
example: '2022-05-02T10:30:00.036-05:00'
version:
description: TaskResult version.
type: string
example: W"1651505400036"
resourceType:
description: Resource type of the metadata subject.
type: string
example: TaskResult
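schemas:
  description: Schema URNs of the TaskResult resource.
  type: array
  # OpenAPI 3.0 requires `items` whenever `type` is `array`.
  items:
    type: string
  example:
    - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'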
/Users:
get:
operationId: getUsers
tags:
- Users
summary: Returns all User resources.
description: 'This endpoint returns all User resources. There are attributes marked as ''returned only by request'', such as **roles**, which must be provided as part of the **attributes** query parameter in order to be included in the response.'
parameters:
- in: query
name: filter
schema:
type: string
example: location eq "Raleigh" and name.givenName sw "j" and name.familyName sw "s"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: sortBy
schema:
type: string
example: userName
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
example: descending
default: ascending
description: Determines what order to sort results in.
- in: query
name: startIndex
schema:
type: integer
example: 2313
default: 1
description: Determines the starting index of the result set.
- in: query
name: count
schema:
type: integer
example: 10
default: 1000
description: Specifies the number of results per page.
- in: query
name: attributes
schema:
type: string
example: 'userName,nativeIdentity'
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'userName,manuallyCorrelated'
description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
responses:
'200':
description: Returns all SCIM User resources.
content:
application/json:
schema:
properties:
totalResults:
description: Number of User resources returned
type: integer
example: 18
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
properties:
id:
description: IdentityIQ id of the User.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
primary:
description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
type: boolean
example: true
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
description: Additional attributes of the User.
type: object
properties:
accounts:
description: Simple representation of the Account (or Link) ResourceType.
type: array
items:
properties:
displayName:
description: The display name of the Account.
type: string
example: Bob.Smith
value:
description: The id of the SCIM resource representing the Account.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: The URI of the SCIM resource representing the Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444'
entitlements:
description: Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Entitlement.
type: string
example: groupmbr
display:
description: The display name of the Entitlement.
type: string
example: HelpDesk
type:
description: 'The type of Entitlement (Entitlement, Permission, etc.).'
type: string
example: Permission
application:
description: The name of the Application this Entitlement applies to.
type: string
example: ADMockApp
accountName:
description: The account this Entitlement was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67'
roles:
description: Roles of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Role.
type: string
example: detectedRoles
display:
description: The display name of the Role.
type: string
example: User - IT
type:
description: 'The type of Role (IT, Business, etc.).'
type: string
example: it
acquired:
description: Indicates how this Role was acquired. Assigned or Detected.
type: string
example: Assigned
application:
description: The name of the Application where this Role came from.
type: string
example: Active_Directory
accountName:
description: The name of the Account this Role was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Role.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67'
capabilities:
description: Capabilities assigned to this User.
type: array
items:
type: string
example: ['SystemAdministrator']
riskScore:
description: Composite Risk Score of this User.
type: integer
example: 125
isManager:
description: A Boolean value that determines if this User is a manager.
type: boolean
example: false
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
lastRefresh:
description: Datetime representation of the last refresh for this User.
type: string
format: date-time
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the User.
properties:
displayName:
description: Display name of the User's manager.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the User’s manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: The URI of the SCIM resource representing the User’s manager.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: User
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
- 'urn:ietf:params:scim:schemas:core:2.0:User'
- 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
application/scim+json:
schema:
properties:
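totalResults:
  description: Number of User resources returned.
  type: integer
  # Bare integer so the example validates against `type: integer`
  # (a quoted value with a trailing comma is a string).
  example: 1500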
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
properties:
id:
description: IdentityIQ id of the User.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
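primary:
  description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
  type: boolean
  # Unquoted so the example is a YAML boolean, matching `type: boolean`.
  example: true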
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
description: Additional attributes of the User.
type: object
properties:
accounts:
description: Simple representation of the Account (or Link) ResourceType.
type: array
items:
properties:
displayName:
description: The display name of the Account.
type: string
example: Bob.Smith
value:
description: The id of the SCIM resource representing the Account.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: The URI of the SCIM resource representing the Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444'
entitlements:
description: Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Entitlement.
type: string
example: groupmbr
display:
description: The display name of the Entitlement.
type: string
example: HelpDesk
type:
description: 'The type of Entitlement (Entitlement, Permission, etc.).'
type: string
example: Permission
application:
description: The name of the Application this Entitlement applies to.
type: string
example: ADMockApp
accountName:
description: The account this Entitlement was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67'
roles:
description: Roles of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Role.
type: string
example: detectedRoles
display:
description: The display name of the Role.
type: string
example: User - IT
type:
description: 'The type of Role (IT, Business, etc.).'
type: string
example: it
acquired:
description: Indicates how this Role was acquired. Assigned or Detected.
type: string
example: Assigned
application:
description: The name of the Application where this Role came from.
type: string
example: Active_Directory
accountName:
description: The name of the Account this Role was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Role.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67'
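capabilities:
  description: Capabilities assigned to this User.
  type: array
  items:
    type: string
  # Array-valued example; a quoted '[...]' would be one string, not a list.
  example:
    - SystemAdministrator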
riskScore:
description: Composite Risk Score of this User.
type: integer
example: 125
isManager:
description: A Boolean value that determines if this User is a manager.
type: boolean
example: false
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
lastRefresh:
description: Datetime representation of the last refresh for this User.
type: string
format: date-time
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the User.
properties:
displayName:
description: Display name of the User's manager.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the User’s manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: The URI of the SCIM resource representing the User’s manager.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: User
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
- 'urn:ietf:params:scim:schemas:core:2.0:User'
- 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
post:
operationId: createUser
tags:
- Users
summary: Creates a User.
description: 'The endpoint used to create a User resource. There are attributes marked as ''returned only by request'', such as **roles**, which must be provided as part of the **attributes** query parameter in order to be included in the response.'
parameters:
- in: query
name: attributes
schema:
type: string
example: 'userName,nativeIdentity'
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'userName,manuallyCorrelated'
description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
requestBody:
required: true
content:
application/scim+json:
schema:
properties:
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
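password:
  description: The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.
  type: string
  # Hint for documentation UIs and generated clients to obscure the value.
  format: password
  # Encodes the description's contract: accepted in requests, never present
  # in responses.
  writeOnly: true
  # The value travels as cleartext inside the request body, and this spec's
  # `servers` entry uses an http:// URL; deployments should expose this
  # endpoint over TLS only and keep request bodies out of access logs.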
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
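primary:
  description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
  type: boolean
  # Unquoted so the example is a YAML boolean, matching `type: boolean`.
  example: true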
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
properties:
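capabilities:
  description: Capabilities assigned to this User.
  type: array
  items:
    type: string
  # NOTE(review): in the createUser request body this field sets IdentityIQ
  # capabilities at creation time, and the documented example is
  # SystemAdministrator. Presumably the server restricts which callers may
  # set it; confirm, and audit create requests that carry this attribute.
  # Array-valued example; a quoted '[...]' would be one string, not a list.
  example:
    - SystemAdministrator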
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the user.
properties:
displayName:
description: Display name of the manager.
type: string
example: Bob Smith
value:
description: The id of the manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: Reference to the manager resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
required:
- userName
'*/*':
schema:
properties:
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
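password:
  description: The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.
  type: string
  # Hint for documentation UIs and generated clients to obscure the value.
  format: password
  # Encodes the description's contract: accepted in requests, never present
  # in responses.
  writeOnly: true
  # The value travels as cleartext inside the request body, and this spec's
  # `servers` entry uses an http:// URL; deployments should expose this
  # endpoint over TLS only and keep request bodies out of access logs.
  # NOTE(review): this copy of the schema is documented under the '*/*'
  # request media type, i.e. the spec advertises the body for any
  # Content-Type. Confirm the server only parses SCIM/JSON bodies.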
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
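primary:
  description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
  type: boolean
  # Unquoted so the example is a YAML boolean, matching `type: boolean`.
  example: true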
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
properties:
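capabilities:
  description: Capabilities assigned to this User.
  type: array
  items:
    type: string
  # NOTE(review): in the createUser request body this field sets IdentityIQ
  # capabilities at creation time, and the documented example is
  # SystemAdministrator. Presumably the server restricts which callers may
  # set it; confirm, and audit create requests that carry this attribute.
  # Array-valued example; a quoted '[...]' would be one string, not a list.
  example:
    - SystemAdministrator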
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the user.
properties:
displayName:
description: Display name of the manager.
type: string
example: Bob Smith
value:
description: The id of the manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: Reference to the manager resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
required:
- userName
responses:
'201':
description: Creates a User and returns the resultant User.
content:
application/json:
schema:
properties:
id:
description: IdentityIQ id of the User.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
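primary:
  description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
  type: boolean
  # Unquoted so the example is a YAML boolean, matching `type: boolean`.
  example: true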
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
description: Additional attributes of the User.
type: object
properties:
accounts:
description: Simple representation of the Account (or Link) ResourceType.
type: array
items:
properties:
displayName:
description: The display name of the Account.
type: string
example: Bob.Smith
value:
description: The id of the SCIM resource representing the Account.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: The URI of the SCIM resource representing the Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444'
entitlements:
description: Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Entitlement.
type: string
example: groupmbr
display:
description: The display name of the Entitlement.
type: string
example: HelpDesk
type:
description: 'The type of Entitlement (Entitlement, Permission, etc.).'
type: string
example: Permission
application:
description: The name of the Application this Entitlement applies to.
type: string
example: ADMockApp
accountName:
description: The account this Entitlement was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67'
roles:
description: Roles of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Role.
type: string
example: detectedRoles
display:
description: The display name of the Role.
type: string
example: User - IT
type:
description: 'The type of Role (IT, Business, etc.).'
type: string
example: it
acquired:
description: Indicates how this Role was acquired. Assigned or Detected.
type: string
example: Assigned
application:
description: The name of the Application where this Role came from.
type: string
example: Active_Directory
accountName:
description: The name of the Account this Role was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Role.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67'
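# Capabilities held by the User, as a list of capability names.
capabilities:
  description: Capabilities assigned to this User.
  type: array
  items:
    type: string
  # A YAML list, so the example matches type: array the same way the
  # costcenter example does; the quoted JSON text was a single string.
  example:
    - SystemAdministrator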
riskScore:
description: Composite Risk Score of this User.
type: integer
example: 125
isManager:
description: A Boolean value that determines if this User is a manager.
type: boolean
example: false
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
lastRefresh:
description: Datetime representation of the last refresh for this User.
type: string
format: date-time
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the User.
properties:
displayName:
description: Display name of the User's manager.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the User’s manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: The URI of the SCIM resource representing the User’s manager.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: User
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
- 'urn:ietf:params:scim:schemas:core:2.0:User'
- 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
'409':
description: Returned if userName is not unique.
content:
application/json:
schema:
properties:
schemas:
description: SCIM Schemas used in response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:Error'
scimType:
description: Type of problem that exists for request.
type: string
example: uniqueness
detail:
description: Explanation for the problem with the request.
type: string
example: 'Resource already exists:Mock.User'
status:
description: HTTP status code of the response.
type: string
example: '409'
'/Users/{userId}':
get:
operationId: getUserById
tags:
- Users
summary: Returns a User resource based on id.
description: 'The User resource with matching id is returned. There are attributes marked as ''returned only by request'', such as **roles**, which must be provided as part of the **attributes** query parameter in order to be included in the response.'
parameters:
- name: userId
in: path
schema:
type: string
example: c7c7777c7ef77e77777ee77e7a1f0444
description: 'The id of User resource. If **lookupByName** is set to **true**, this path parameter should be set to the **userName** of the User.'
required: true
- in: query
name: attributes
schema:
type: string
example: 'userName,nativeIdentity'
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'userName,manuallyCorrelated'
description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
- in: query
name: lookupByName
schema:
type: boolean
example: false
default: false
description: 'A boolean value that determines if the User resource will be looked up by userName instead of userId (value in path parameter ''userId''). Setting this query parameter to true will cause the value pulled from the ''userId'' path parameter to be treated as a userName when searching for the resource.
**Example**: scim/v2/Users/**Mock.User**?**lookupByName=true**'
responses:
'200':
description: Returns a single User resource based on the id.
content:
application/json:
schema:
properties:
id:
description: IdentityIQ id of the User.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
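# Flags which entry of the emails array is the primary address.
primary:
  description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
  type: boolean
  # Unquoted so the example is a YAML boolean that matches type: boolean;
  # the quoted form parsed as a string.
  example: true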
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
description: Additional attributes of the User.
type: object
properties:
accounts:
description: Simple representation of the Account (or Link) ResourceType.
type: array
items:
properties:
displayName:
description: The display name of the Account.
type: string
example: Bob.Smith
value:
description: The id of the SCIM resource representing the Account.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: The URI of the SCIM resource representing the Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444'
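# Capabilities held by the User, as a list of capability names.
capabilities:
  description: Capabilities assigned to this User.
  type: array
  items:
    type: string
  # A YAML list, so the example matches type: array the same way the
  # costcenter example does; the quoted JSON text was a single string.
  example:
    - SystemAdministrator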
riskScore:
description: Composite Risk Score of this User.
type: integer
example: 125
isManager:
description: A Boolean value that determines if this User is a manager.
type: boolean
example: false
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
lastRefresh:
description: Datetime representation of the last refresh for this User.
type: string
format: date-time
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the User.
properties:
displayName:
description: Display name of the User's manager.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the User’s manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: The URI of the SCIM resource representing the User’s manager.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: User
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
- 'urn:ietf:params:scim:schemas:core:2.0:User'
- 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
application/scim+json:
schema:
properties:
id:
description: IdentityIQ id of the User.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
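# Flags which entry of the emails array is the primary address.
primary:
  description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
  type: boolean
  # Unquoted so the example is a YAML boolean that matches type: boolean;
  # the quoted form parsed as a string.
  example: true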
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
description: Additional attributes of the User.
type: object
properties:
accounts:
description: Simple representation of the Account (or Link) ResourceType.
type: array
items:
properties:
displayName:
description: The display name of the Account.
type: string
example: Bob.Smith
value:
description: The id of the SCIM resource representing the Account.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: The URI of the SCIM resource representing the Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444'
entitlements:
description: Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Entitlement.
type: string
example: groupmbr
display:
description: The display name of the Entitlement.
type: string
example: HelpDesk
type:
description: 'The type of Entitlement (Entitlement, Permission, etc.).'
type: string
example: Permission
application:
description: The name of the Application this Entitlement applies to.
type: string
example: ADMockApp
accountName:
description: The account this Entitlement was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67'
roles:
description: Roles of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Role.
type: string
example: detectedRoles
display:
description: The display name of the Role.
type: string
example: User - IT
type:
description: 'The type of Role (IT, Business, etc.).'
type: string
example: it
acquired:
description: Indicates how this Role was acquired. Assigned or Detected.
type: string
example: Assigned
application:
description: The name of the Application where this Role came from.
type: string
example: Active_Directory
accountName:
description: The name of the Account this Role was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Role.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67'
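# Capabilities held by the User, as a list of capability names.
capabilities:
  description: Capabilities assigned to this User.
  type: array
  items:
    type: string
  # A YAML list, so the example matches type: array the same way the
  # costcenter example does; the quoted JSON text was a single string.
  example:
    - SystemAdministrator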
riskScore:
description: Composite Risk Score of this User.
type: integer
example: 125
isManager:
description: A Boolean value that determines if this User is a manager.
type: boolean
example: false
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
lastRefresh:
description: Datetime representation of the last refresh for this User.
type: string
format: date-time
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the User.
properties:
displayName:
description: Display name of the User's manager.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the User’s manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: The URI of the SCIM resource representing the User’s manager.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: User
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
- 'urn:ietf:params:scim:schemas:core:2.0:User'
- 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
put:
operationId: updateUser
tags:
- Users
summary: Updates an existing User.
description: 'The endpoint used to update a User resource. There are attributes marked as ''returned only by request'', such as **roles**, which must be provided as part of the **attributes** query parameter in order to be included in the response.
In order for Lifecycle Events to have access to previous Identity values, a new IdentityArchive object is created and saved to the database. This feature is turned on by default and *could* have an impact on the overall performance of the SCIM update. It is not expected for the impact of this change to be noticeable, but in cases where it is, and when configured Lifecycle Events are not dependent on the previous Identity attributes, the creation of the IdentityArchive object during a SCIM update is configurable. By default, the IdentityArchive creation during a SCIM update is enabled. To disable the creation of the IdentityArchive object during SCIM updates, the following attribute can be set on the SystemConfiguration object:
**<entry key="scimTriggerSnapshots" value="false">**'
parameters:
- name: userId
in: path
schema:
type: string
example: c7c7777c7ef77e77777ee77e7a1f0444
description: 'The id of User resource. If **lookupByName** is set to **true**, this path parameter should be set to the **userName** of the User.'
required: true
- in: query
name: attributes
schema:
type: string
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
description: A comma-separated list of attributes to exclude from the response. *Some attributes cannot be excluded.*
- in: query
name: lookupByName
schema:
type: boolean
example: false
default: false
description: 'A boolean value that determines if the User resource will be looked up by userName instead of userId (value in path parameter ''userId''). Setting this query parameter to true will cause the value pulled from the ''userId'' path parameter to be treated as a userName when searching for the resource.
**Example**: scim/v2/Users/**Mock.User**?**lookupByName=true**'
requestBody:
required: true
content:
application/scim+json:
schema:
properties:
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
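# Write-only secret. The description states the value is never returned, so it
# is marked writeOnly, and format: password lets generated docs and UIs mask it.
# The value is cleartext inside the request body: send it only over TLS and
# keep request bodies for this operation out of access and debug logs.
password:
  description: The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.
  type: string
  format: password
  writeOnly: true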
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
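# Flags which entry of the emails array is the primary address.
primary:
  description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
  type: boolean
  # Unquoted so the example is a YAML boolean that matches type: boolean;
  # the quoted form parsed as a string.
  example: true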
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
properties:
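# Privilege-bearing attribute in the update request body: the example value is
# SystemAdministrator.
# NOTE(review): presumably a PUT that carries this list sets the User's
# capabilities - confirm. If so, restrict this operation to callers allowed to
# grant capabilities and audit every change made through it.
capabilities:
  description: Capabilities assigned to this User.
  type: array
  items:
    type: string
  # A YAML list, so the example matches type: array the same way the
  # costcenter example does; the quoted JSON text was a single string.
  example:
    - SystemAdministrator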
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the user.
properties:
displayName:
description: Display name of the manager.
type: string
example: Bob Smith
value:
description: The id of the manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: Reference to the manager resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
required:
- userName
'*/*':
schema:
properties:
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
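# Credential field: the value travels in cleartext inside the request body, so
# this operation should only be called over TLS. `writeOnly` matches the
# description (never returned in a response) and `format: password` lets
# documentation UIs mask the value.
password:
description: The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.
type: string
format: password
writeOnly: true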
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
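primary:
description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
type: boolean
# The example is a real boolean; the quoted form was a string and contradicted `type: boolean`.
example: true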
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
properties:
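# Writable privilege attribute: this sits in the request schema of the User
# update operation, so a caller of that operation can submit capability names.
# NOTE(review): whether the server limits which callers may set values such as
# SystemAdministrator is not visible in this document; confirm before exposing
# the endpoint to provisioning clients.
capabilities:
description: Capabilities assigned to this User.
type: array
items:
type: string
# The example is a real sequence; the previous value was a JSON-encoded string,
# which does not match `type: array`.
example:
- SystemAdministrator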
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the user.
properties:
displayName:
description: Display name of the manager.
type: string
example: Bob Smith
value:
description: The id of the manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: Reference to the manager resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
required:
- userName
responses:
'200':
description: Updates an existing User and returns that User.
content:
application/json:
schema:
properties:
id:
description: IdentityIQ id of the User.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
userName:
description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
type: string
example: Mock.User
name:
description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
properties:
formatted:
description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
type: string
example: 'Ms. Barbara J Jensen, III'
familyName:
description: 'The family name of the User, or Last Name in most Western languages'
type: string
example: Jensen
givenName:
description: 'The given name of the User, or First Name in most Western languages'
type: string
example: Barbara
displayName:
description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
type: string
example: Barbara Jensen
userType:
description: 'The type of the User, identifying the relationship between the organization and the User.'
type: string
example: employee
active:
description: A Boolean value indicating the User’s administrative status.
type: boolean
example: true
emails:
description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
type: array
items:
properties:
type:
description: 'Type of email address (work, home, other).'
type: string
example: work
value:
description: Canonicalized email address.
type: string
format: email
example: Barbara.Jensen@example.com
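primary:
description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
type: boolean
# The example is a real boolean; the quoted form was a string and contradicted `type: boolean`.
example: true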
'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
description: Additional attributes of the User.
type: object
properties:
accounts:
description: Simple representation of the Account (or Link) ResourceType.
type: array
items:
properties:
displayName:
description: The display name of the Account.
type: string
example: Bob.Smith
value:
description: The id of the SCIM resource representing the Account.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: The URI of the SCIM resource representing the Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444'
entitlements:
description: Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Entitlement.
type: string
example: groupmbr
display:
description: The display name of the Entitlement.
type: string
example: HelpDesk
type:
description: 'The type of Entitlement (Entitlement, Permission, etc.).'
type: string
example: Permission
application:
description: The name of the Application this Entitlement applies to.
type: string
example: ADMockApp
accountName:
description: The account this Entitlement was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Entitlement.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67'
roles:
description: Roles of the User. Returned in response only if requested using the 'attributes' query parameter.
type: array
items:
properties:
value:
description: The value of the Role.
type: string
example: detectedRoles
display:
description: The display name of the Role.
type: string
example: User - IT
type:
description: 'The type of Role (IT, Business, etc.).'
type: string
example: it
acquired:
description: Indicates how this Role was acquired. Assigned or Detected.
type: string
example: Assigned
application:
description: The name of the Application where this Role came from.
type: string
example: Active_Directory
accountName:
description: The name of the Account this Role was sourced from.
type: string
example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
$ref:
description: The URI of the SCIM resource representing the Role.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67'
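capabilities:
description: Capabilities assigned to this User.
type: array
items:
type: string
# The example is a real sequence; the previous value was a JSON-encoded string,
# which does not match `type: array`.
example:
- SystemAdministrator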
riskScore:
description: Composite Risk Score of this User.
type: integer
example: 125
isManager:
description: A Boolean value that determines if this User is a manager.
type: boolean
example: false
administrator:
description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
properties:
displayName:
description: The display name of the Administrator of RPA user or Service account.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
type: string
example: c0a7777a7f74744d817e74fc12362c67O
$ref:
description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
softwareVersion:
description: The software version of the RPA/Bots.
type: string
example: '7.3'
empId:
description: Employee id associated with this User.
type: string
example: 1b2a3c
dn:
description: Distinguished name for this User.
type: string
example: 'cn=Bob Smith,ou=services'
region:
description: The region this User is assigned to.
type: string
example: Americas
regionOwner:
description: The User who owns the region that this resource (User) belongs to.
properties:
displayName:
description: Display name of the region owner.
type: string
example: Joe Smith
value:
description: The id of the region owner.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
$ref:
description: URI reference of the region owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
location:
description: The location this User is assigned to.
type: string
example: Singapore
locationOwner:
description: The User who owns the location that this resource (User) belongs to.
type: object
properties:
displayName:
description: Display name of the location owner.
type: string
example: Bob Smith
value:
description: The id of the location owner.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
$ref:
description: URI reference to the location owner resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
Department:
description: Department this User is assigned to.
type: string
example: Regional Operations
costcenter:
description: Cost centers this User is associated with.
type: array
items:
type: string
example:
- CC01
- DD02
jobtitle:
description: Job title given to this User.
type: string
example: Internal Audit Manager
lastRefresh:
description: Datetime representation of the last refresh for this User.
type: string
format: date-time
'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
description: Enterprise User Schema. Contains the manager of the User.
properties:
manager:
description: Manager of the User.
properties:
displayName:
description: Display name of the User's manager.
type: string
example: Bob Smith
value:
description: The id of the SCIM resource representing the User’s manager.
type: string
example: c7a7347a7fe71e69077ee75f5d1f1237
$ref:
description: The URI of the SCIM resource representing the User’s manager.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
meta:
description: Metadata of the resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the resource.
type: string
example: W"1644561244074"
resourceType:
description: The SCIM resource type.
type: string
example: User
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
- 'urn:ietf:params:scim:schemas:core:2.0:User'
- 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
# DELETE on a single User resource. The description marks the operation as
# irreversible. No operation-level `security` is declared here, so the
# document-wide `basicAuth` requirement applies.
delete:
operationId: deleteUser
tags:
- Users
summary: Deletes an existing User.
description: The endpoint used to delete a User resource. **This is not reversible.**
parameters:
# Path value is an id by default; with lookupByName=true it is read as a userName.
- name: userId
in: path
schema:
type: string
example: c7c7777c7ef77e77777ee77e7a1f0444
description: 'The id of User resource. If **lookupByName** is set to **true**, this path parameter should be set to the **userName** of the User.'
required: true
# Switches the lookup key from id to userName. Because the delete cannot be
# undone, callers should confirm which User the value resolves to first.
- in: query
name: lookupByName
schema:
type: boolean
example: false
default: false
description: 'A boolean value that determines if the User resource will be looked up by userName instead of userId (value in path parameter ''userId''). Setting this query parameter to true will cause the value pulled from the ''userId'' path parameter to be treated as a userName when searching for the resource.
**Example**: scim/v2/Users/**Mock.User**?**lookupByName=true**'
# Only the success case is documented.
# NOTE(review): responses for failed authentication, insufficient rights, or an
# unknown User are not described for this operation; confirm the server's
# behaviour and document them.
responses:
'204':
description: Returns a 204 with no response body if delete was successful.
/Workflows:
get:
operationId: WorkflowsGet
tags:
- Workflows
summary: Returns all Workflow resources.
description: |
This endpoint returns all Workflow resources.
Attributes to include in the response can be specified with the 'attributes' query parameter.
Attributes to exclude from the response can be specified with the 'excludedAttributes' query parameter.
The schema related to Workflow is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:Workflow**
parameters:
- in: query
name: filter
schema:
type: string
example: name eq "Do Provisioning Forms"
description: 'Allows for query filters according to RFC-7644, Section 3.4.2.2 - not all operations are supported.'
- in: query
name: lookupByName
schema:
type: boolean
default: false
example: true
description: '**(OPTIONAL)** Set to true if the Workflows name is passed instead of the Workflow id.'
- in: query
name: sortBy
schema:
type: string
example: name
description: Allows sorting the results by a resource's attributes.
- in: query
name: sortOrder
schema:
type: string
default: ascending
example: descending
description: Determines what order to sort results in.
- in: query
name: startIndex
schema:
type: integer
example: 15
default: 1
description: Determines the starting index of the result set.
- in: query
name: count
schema:
type: integer
example: 15
default: 1000
description: Specifies the number of results per page.
- in: query
name: attributes
schema:
type: string
example: name
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'name, type'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returned all SCIM resources for this endpoint.
content:
application/json:
schema:
properties:
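totalResults:
description: Number of resources returned for this endpoint.
type: integer
# Plain integer example; the quoted '1,' was a string with a stray comma and
# did not match `type: integer`.
example: 1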
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
type: array
items:
required:
- name
properties:
id:
description: Unique identifier of the Workflow.
type: string
example: 7f00000180281df7818028bf977502f3
name:
description: Name of the Workflow.
type: string
example: Identity Request Approve Identity Changes
description:
description: Description of the Workflow.
type: string
example: |2
The subprocess that drives the Create and Update Identity workflows.
This is different then the Identity Request Approve subprocess because this
approval process produces a form with the approval so that
approvers can update values while approving.
This subprocess builds the form necessary for the editable approvals
and then assimilates that data entered back to the plan, which
can be returned from the subprocess.
type:
description: Type of the Workflow.
type: string
enum:
- Batch Provisioning
- Scheduled Assignment
- Scheduled Role Activation
- Managed Attribute
- Identity Correlation
- Identity Event
- Identity Lifecycle
- Identity Update
- Identity Refresh
- LCM Identity
- LCM Provisioning
- LCM Registration
- Policy Violation
- Role Modeler
- Subprocess
- Password Intercept
- Alert
- Attribute Sync
example: Subprocess
handler:
description: Handler of the Workflow.
type: string
example: sailpoint.api.StandardWorkflowHandler
meta:
type: object
properties:
created:
description: DateTime when the Workflow was created.
type: string
example: '2022-04-14T10:44:46.453-05:00'
location:
description: URL to the Workflow.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Workflows/7f00000180281df7818028bf977502f3'
lastModified:
description: DateTime of Workflow last modification.
type: string
example: '2022-05-05T15:52:30.119-05:00'
version:
description: Workflow version.
type: string
example: W"1649951086453"
resourceType:
description: Resource type of the metadata subject.
type: string
example: Workflow
application/scim+json:
schema:
properties:
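totalResults:
description: Number of Workflow resources returned.
type: integer
# Plain integer example; the quoted '1500,' was a string with a stray comma and
# did not match `type: integer`.
example: 1500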
startIndex:
description: The starting index of the resource set list. Can be specified with startIndex query parameter.
type: integer
example: 1
schemas:
description: SCIM Schema used for response.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:api:messages:2.0:ListResponse'
Resources:
description: The SCIM resources returned for this endpoint.
type: array
items:
required:
- name
properties:
id:
description: Unique identifier of the Workflow.
type: string
example: 7f00000180281df7818028bf977502f3
name:
description: Name of the Workflow.
type: string
example: Identity Request Approve Identity Changes
description:
description: Description of the Workflow.
type: string
example: |2
The subprocess that drives the Create and Update Identity workflows.
This is different then the Identity Request Approve subprocess because this
approval process produces a form with the approval so that
approvers can update values while approving.
This subprocess builds the form necessary for the editable approvals
and then assimilates that data entered back to the plan, which
can be returned from the subprocess.
type:
description: Type of the Workflow.
type: string
enum:
- Batch Provisioning
- Scheduled Assignment
- Scheduled Role Activation
- Managed Attribute
- Identity Correlation
- Identity Event
- Identity Lifecycle
- Identity Update
- Identity Refresh
- LCM Identity
- LCM Provisioning
- LCM Registration
- Policy Violation
- Role Modeler
- Subprocess
- Password Intercept
- Alert
- Attribute Sync
example: Subprocess
handler:
description: Handler of the Workflow.
type: string
example: sailpoint.api.StandardWorkflowHandler
meta:
type: object
properties:
created:
description: DateTime when the Workflow was created.
type: string
example: '2022-04-14T10:44:46.453-05:00'
location:
description: URL to the Workflow.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Workflows/7f00000180281df7818028bf977502f3'
lastModified:
description: DateTime of Workflow last modification.
type: string
example: '2022-05-05T15:52:30.119-05:00'
version:
description: Workflow version.
type: string
example: W"1649951086453"
resourceType:
description: Resource type of the metadata subject.
type: string
example: Workflow
'/Workflows/{workflowId}':
get:
operationId: getWorkflowById
tags:
- Workflows
summary: Returns a Workflow resource based on id.
description: |
The Workflow resource with matching id is returned.
Attributes to include in the response can be specified with the attributes query parameter.
Attributes to exclude from the response can be specified with the excludedAttributes query parameter.
The schema related to Workflow is:
- **urn:ietf:params:scim:schemas:sailpoint:1.0:Workflow**
parameters:
- name: workflowId
in: path
schema:
type: string
example: c0a8019c802d1e5a81802eb2b57e020f
description: id of Workflow resource.
required: true
- in: query
name: attributes
schema:
type: string
example: 'name, type'
description: 'A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.'
- in: query
name: excludedAttributes
schema:
type: string
example: 'name, handler'
description: A comma-separated list of attributes to exclude from the response. **Some attributes cannot be excluded.**
responses:
'200':
description: Returns a single Workflow resource based on the id.
content:
application/json:
schema:
required:
- name
properties:
id:
description: Unique identifier of the Workflow.
type: string
example: 7f00000180281df7818028be6a9c01a3
name:
description: Name of the Workflow.
type: string
example: Aggregate Correlated Applications
description:
description: Description of the Workflow.
type: string
example: Library for Steps.
# Workflow type, constrained to the enum values listed below.
type:
type: string
description: Type of the Workflow.
enum:
- Batch Provisioning
- Scheduled Assignment
- Scheduled Role Activation
- Managed Attribute
- Identity Correlation
- Identity Event
- Identity Lifecycle
- Identity Update
- Identity Refresh
- LCM Identity
- LCM Provisioning
- LCM Registration
- Policy Violation
- Role Modeler
- Subprocess
- Password Intercept
- Alert
- Attribute Sync
# NOTE(review): 'Step Library' is not one of the enum values above, so this
# example fails validation against its own schema. Either the enum is missing a
# value or the example is wrong; confirm against the server before changing it.
example: Step Library
handler:
description: Handler of the Workflow.
type: string
example: sailpoint.api.StandardWorkflowHandler
meta:
type: object
properties:
created:
description: DateTime when the Workflow was created.
type: string
format: date-time
example: '2022-04-14T10:43:29.436-05:00'
location:
description: URL to the Workflow.
type: string
example: 'http://localhost:8080/identityiq/scim/v2/Workflows/7f00000180281df7818028be6a9c01a3'
lastModified:
description: DateTime of Workflow last modification.
type: string
format: date-time
example: '2022-05-05T15:52:30.119-05:00'
version:
description: Workflow version.
type: string
example: '"W"1649951094834"'
resourceType:
description: Resource type of the metadata subject.
type: string
example: Workflow
components:
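securitySchemes:
# HTTP Basic sends the username and password base64-encoded (not encrypted) on
# every request. The sample server URL in this document uses http://, so
# integrators need to be told explicitly that real deployments require TLS.
basicAuth:
type: http
scheme: basic
description: 'HTTP Basic authentication. Credentials are only base64-encoded, so the API must be reached over HTTPS.'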
schemas:
accountPostRequest:
properties:
identity:
required:
- value
description: The corresponding User object of the Account.
properties:
userName:
description: The identity name of the Account User.
type: string
example: Barbara.Jensen
displayName:
description: The displayable name of the Account User.
type: string
example: Barbara Jensen
value:
description: IdentityIQ identifier for the Account User.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
ref:
description: The URI of the SCIM resource representing the Account User.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
application:
required:
- value
description: The corresponding Application object of the Account.
properties:
displayName:
description: The displayable name of the Account Application.
type: string
example: Mock Application1
value:
description: IdentityIQ identifier for the Account Application.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
ref:
description: The URI of the SCIM resource representing the Account Application.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
nativeIdentity:
description: The Account unique identifier associated with the native application. This field is immutable.
type: string
example: a1b2c3
displayName:
description: 'The name of the Account, suitable for display to end-users.'
type: string
example: Barbara Jensen
instance:
description: The instance identifier of the Account. This field is immutable.
type: string
example: mockInstance
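# Both credential fields are described as write-only. `writeOnly: true` states
# that in the schema itself, and `format: password` lets documentation UIs mask
# the value. The values travel in cleartext inside the request body, so the
# operation should only be called over TLS.
password:
description: 'The password of the Account, used when creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
type: string
format: password
writeOnly: true
example: useStrongPwd123!
currentPassword:
description: 'The current password of the Account, used when creating or changing the Account password. This attribute is write-only and will never be returned in a response.'
type: string
format: password
writeOnly: true
example: useStrongPwd123!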
# Application-specific account attributes. `additionalProperties: true` leaves
# the object open, so this schema accepts any attribute name and value.
# NOTE(review): the set of attributes the server actually accepts is not
# visible here; presumably the target Application's schema constrains it.
# Confirm that unknown or privileged attributes are rejected server-side.
'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
description: 'Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}'
type: object
additionalProperties: true
active:
description: Flag to indicate this account is enabled or disabled.
type: boolean
example: true
locked:
description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
type: boolean
example: true
required:
- identity
- application
- nativeIdentity
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account'
accountResponse:
properties:
id:
description: IdentityIQ id of the Account.
type: string
example: c0b4568a4fe7458c434ee77d1fbt156b
identity:
description: The corresponding User object of the Account.
properties:
userName:
description: The identity name of the Account User.
type: string
example: Barbara.Jensen
displayName:
description: The displayable name of the Account User.
type: string
example: Barbara Jensen
value:
description: IdentityIQ identifier for the Account User.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
ref:
description: The URI of the SCIM resource representing the Account User.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
application:
description: The corresponding Application object of the Account.
properties:
displayName:
description: The displayable name of the Account Application.
type: string
example: Mock Application1
value:
description: IdentityIQ identifier for the Account Application.
type: string
example: c0a7778b7ef71e79817ee74e6a1f0444
ref:
description: The URI of the SCIM resource representing the Account Application.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Applications/c0a7778b7ef71e79817ee74e6a1f0444'
nativeIdentity:
description: The Account unique identifier associated with the native application. This field is immutable.
type: string
example: a1b2c3
displayName:
description: 'The name of the Account, suitable for display to end-users.'
type: string
example: Barbara Jensen
instance:
description: The instance identifier of the Account. This field is immutable.
type: string
example: null
uuid:
description: The UUID of the Account.
type: string
example: '{f99999ff-f000-444b-b6ae-4443dd6cd6ed}'
'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:APPLICATION NAME:account':
description: 'Provide the name of Application that corresponds to this Account in APPLICATION NAME. This field contains an object structure dependent on the Application that the Account applies to.
Example: urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:**My Application1**:account: { "department": "IT"}'
type: object
additionalProperties: true
active:
description: Flag to indicate this account is enabled or disabled.
type: boolean
example: true
locked:
description: 'Flag to indicate this account is locked. An account may be unlocked by setting this attribute to false, but can not be locked by setting a false value to true.'
type: boolean
example: true
manuallyCorrelated:
description: Flag to indicate this account has been manually correlated in the UI.
type: boolean
example: true
hasEntitlements:
description: Flag to indicate this account has one or more entitlement attributes.
type: boolean
example: true
lastRefresh:
description: Datetime representation of the last refresh for this Account.
type: string
format: date-time
lastTargetAggregation:
description: Datetime representation of last targeted aggregation for the Account.
type: string
format: date-time
meta:
description: Metadata of the SCIM resource.
properties:
created:
description: Datetime this resource was created.
type: string
format: date-time
example: '2022-02-11T01:34:04.074-05:00'
location:
description: The location of the resource.
type: string
example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0b4568a4fe7458c434ee77d1fbt156b'
lastModified:
description: Datetime the resource was last modified.
type: string
format: date-time
example: '2022-02-11T01:08:45.866-05:00'
version:
description: The version of the SCIM resource.
type: string
example: W"1644561244074"
resourceType:
description: The resource type.
type: string
example: Account
schemas:
description: The schemas involved in the SCIM resource.
type: array
items:
type: string
example:
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Account'
- 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Mock Application:account'
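# Alert resource as described by urn:ietf:params:scim:schemas:sailpoint:1.0:Alert.
# NOTE(review): nesting is reconstructed from key order; confirm that
# `notifications` sits inside the `result` items against the published spec.
SailPoint-Alert-Schema:
  description: 'Attributes for schema: urn:ietf:params:scim:schemas:sailpoint:1.0:Alert'
  type: object
  properties:
    id:
      description: Unique identifier of the Alert.
      type: string
      example: c0a8019c7fe11678817fe18984351477
    name:
      description: 'Name of the Alert, auto-generated by the SCIM Server.'
      type: string
      example: Low-Level Alert
    displayName:
      description: Display name of the Alert.
      type: string
      example: Auto-generated low level alert.
    type:
      description: Type of the Alert.
      type: string
      example: Business Process Alert.
    attributes:
      description: A list of attributes of the Alert.
      type: array
      items:
        type: object
        properties:
          key:
            description: The attribute key.
            type: string
            example: Active
          value:
            description: The attribute value.
            type: string
            example: 'False'
    application:
      description: The corresponding Application object of the Alert.
      type: array
      items:
        type: object
        properties:
          value:
            description: The Application associated with the Alert.
            type: string
            example: ADDirectDemoData
          $ref:
            description: The URI of the SCIM resource representing the Alert application.
            # Declared as a string: the example is a URI, not an object.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed10a75a'
          displayName:
            description: The name of the Alert Application. OPTIONAL and READ-ONLY.
            type: string
            example: Active Directory Demo Data
    actions:
      description: Not empty if action was taken on the Alert.
      type: array
      items:
        type: object
        properties:
          type:
            description: The type of action performed as a result of the Alert.
            type: string
            enum:
              - WORKFLOW
              - CERTIFICATION
              - NOTIFICATION
            example: WORKFLOW
          alertDefinitionName:
            description: The name of the Alert Definition that triggered the action.
            type: string
            example: lowSeverityAlertDefinition
          resultId:
            description: 'Typically actions create other objects, a certificationId or workflowId as a result of the action taken.'
            type: string
            example: 7f00000180281df7818028c109ea1742
          result:
            description: The Task Result of the Alert.
            type: array
            items:
              type: object
              properties:
                name:
                  description: The name of the Task Result for the Alert action.
                  type: string
                workflowName:
                  description: The name of the Workflow used in the Alert action task result.
                  type: string
                  example: LCM Provisioning
                notifications:
                  description: Notifications to send when an Alert action is generated.
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        description: The name of configured notifications for Alert action results.
                        type: string
                        example: lowLevelAlertNotification
                      displayName:
                        description: Display name for the Alert action notification.
                        type: string
                        example: lowLevelAlert result notification
                      emailAddresses:
                        # Modelled as one comma-separated string, not an array.
                        description: A list of email addresses to send an Alert action notification.
                        type: string
                        example: 'amanda.ross@demoexample.com, alice.ford@demoexample.com'
    alertDate:
      description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
      type: string
      format: date-time
      example: '2022-03-31T14:52:40.265-05:00'
    lastProcessed:
      description: 'The DateTime of the last time the Alert was processed, this does not indicate the system took action on the Alert.'
      type: string
      format: date-time
      example: '2022-03-31T14:52:40.260-05:00'
    nativeId:
      description: Unique Identifier of the Alert in the native system.
      type: string
      example: 420bebfb-c87a-406f-930c-29e06feb47bc
    targetId:
      description: Unique Identifier of the target object which caused the Alert.
      type: string
      example: c0a8019c7fe51750817fe634a6b10171
    targetType:
      description: The type of SailPointObject the target is.
      type: string
      example: Certification
    targetDisplayName:
      description: User friendly display name of the target object.
      type: string
      example: Manager Certification
    meta:
      type: object
      properties:
        created:
          description: DateTime when the Alert was created.
          type: string
          format: date-time
          example: '2022-04-15T14:28:25.471-05:00'
        lastModified:
          description: DateTime of Alert last modification.
          type: string
          # format added to match `created` and the other Alert schemas.
          format: date-time
          example: '2022-04-05T15:52:30.119-05:00'
        location:
          description: URL to the Alert.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Alerts/c0a8019c802d1e5a81802eb2b57e020f'
        version:
          description: Alert version.
          type: string
          # NOTE(review): RFC 7232 writes weak ETags as W/"..."; confirm the real format.
          example: 'W"1650050905471"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: Alert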
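# Arguments passed to Alert operations: three lists of key/value/type triples.
# Every value travels as a string; the `type` field names the intended type.
SailPoint-AlertInput-Schema:
  description: 'Alert input object, used to pass arguments to Alert related operations. Attributes as specified in schema: urn:ietf:params:scim:schemas:sailpoint:1.0:AlertInput'
  type: object
  properties:
    input:
      description: A list of arguments to provide during real-time alert processing.
      type: array
      items:
        # Item type made explicit; the properties below already imply an object.
        type: object
        properties:
          key:
            description: The attribute key.
            type: string
            example: renewThreshold
          value:
            description: The attribute value.
            type: string
            example: '100'
          type:
            description: The attribute type.
            type: string
            example: integer
    aggregationTaskInput:
      description: A list of arguments to provide to the alert aggregation task.
      type: array
      items:
        type: object
        properties:
          key:
            description: The attribute key.
            type: string
            example: promoteAttributes
          value:
            description: The attribute value.
            type: string
            example: 'false'
          type:
            description: The attribute type.
            type: string
            example: boolean
    processorTaskInput:
      description: A list of arguments to provide to the alert processor task.
      type: array
      items:
        type: object
        properties:
          key:
            description: The attribute key.
            type: string
            example: promoteAttributes
          value:
            description: The attribute value.
            type: string
            example: 'false'
          type:
            description: The attribute type.
            type: string
            example: boolean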
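# Alert as returned by a GET on the Alerts collection.
# NOTE(review): nesting is reconstructed from key order; confirm that
# `notifications` sits inside the `result` items against the published spec.
alertGetResponse:
  type: object
  properties:
    id:
      description: Unique identifier of the Alert.
      type: string
      example: c0a8019c7fe11678817fe18984351477
    name:
      description: 'Name of the Alert, auto-generated by the SCIM Server.'
      type: string
      example: '0000000001'
    displayName:
      description: Display name of the Alert.
      type: string
      example: Hello World!
    type:
      description: Type of the Alert.
      type: string
      example: Permission
    attributes:
      description: A list of attributes of the Alert.
      type: array
      items:
        type: object
        properties:
          value:
            description: The attribute value.
            type: string
            example: Grackle5.Test.Sailpoint.com
          key:
            description: The attribute key.
            type: string
            example: bamName
    application:
      description: The corresponding Application object of the Alert.
      type: object
      properties:
        value:
          description: The Application associated with the Alert.
          type: string
          example: Active_Directory
        $ref:
          description: The URI of the SCIM resource representing the Alert application.
          # Declared as a string: the example is a URI, not an object.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
        displayName:
          description: The name of the Alert Application.
          type: string
          example: Active_Directory
    actions:
      description: Not empty if action was taken on the Alert.
      type: array
      items:
        type: object
        properties:
          type:
            description: The type of action performed as a result of the Alert.
            type: string
            enum:
              - WORKFLOW
              - CERTIFICATION
              - NOTIFICATION
            example: WORKFLOW
          alertDefinitionName:
            description: The name of the Alert Definition that triggered the action.
            type: string
            example: lowSeverityAlertDefinition
          resultId:
            description: 'Typically actions create other objects, a certificationId or workflowId as a result of the action taken.'
            type: string
            example: 7f00000180281df7818028c109ea1742
          result:
            description: The Task Result of the Alert.
            type: array
            items:
              type: object
              properties:
                name:
                  description: The name of the Task Result for the Alert action.
                  type: string
                workflowName:
                  description: The name of the Workflow used in the Alert action task result.
                  type: string
                  example: LCM Provisioning
                notifications:
                  description: Notifications to send when an Alert action is generated.
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        description: The name of configured notifications for Alert action results.
                        type: string
                        example: lowLevelAlertNotification
                      displayName:
                        description: Display name for the Alert action notification.
                        type: string
                        example: lowLevelAlert result notification
                      emailAddresses:
                        # Modelled as one comma-separated string, not an array.
                        description: A list of email addresses to send an Alert action notification.
                        type: string
                        example: 'amanda.ross@demoexample.com, alice.ford@demoexample.com'
    alertDate:
      description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
      type: string
      format: date-time
      example: '2022-03-31T14:52:40.265-05:00'
    lastProcessed:
      description: 'The DateTime of the last time the Alert was processed, this does not indicate the system took action on the Alert.'
      type: string
      format: date-time
      example: '2022-03-31T14:52:40.260-05:00'
    nativeId:
      description: Unique Identifier of the Alert in the native system.
      type: string
      example: 420bebfb-c87a-406f-930c-29e06feb47bc
    targetId:
      description: Unique Identifier of the target object which caused the Alert.
      type: string
      example: c0a8019c7fe51750817fe634a6b10171
    targetType:
      description: The type of SailPointObject the target is.
      type: string
      example: Certification
    targetDisplayName:
      description: User friendly display name of the target object.
      type: string
      example: Manager Certification
    meta:
      description: Metadata for the Alert.
      # NOTE(review): declared as an array here but as an object in
      # SailPoint-Alert-Schema and alertByIdGetBody; confirm which the server returns.
      type: array
      items:
        type: object
        properties:
          created:
            description: DateTime when the Alert was created.
            type: string
            format: date-time
            example: '2022-03-31T14:52:40.245-05:00'
          location:
            description: URL to the Alert.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Alerts/c0a8019c7fe11678817fe18984351477'
          lastModified:
            description: DateTime of Alert last modification.
            type: string
            format: date-time
            example: '2022-03-31T14:52:40.265-05:00'
          version:
            description: Alert version.
            type: string
            # NOTE(review): RFC 7232 writes weak ETags as W/"..."; confirm the real format.
            example: 'W"1650050901217"'
          resourceType:
            description: Resource type of the metadata subject.
            type: string
            example: Alert
    schemas:
      description: A list of the schemas used for Alerts.
      type: array
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:AlertInput'
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Alert'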
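# Request body for creating an Alert. Every field is caller-supplied.
alertPostRequestBody:
  type: object
  properties:
    displayName:
      description: Display name of the Alert.
      type: string
      example: Confidential File Opened
    type:
      description: Type of the Alert.
      type: string
      example: alert
    attributes:
      description: A list of attributes of the Alert.
      type: array
      items:
        type: object
        properties:
          key:
            description: The attribute key.
            type: string
            example: userFullName
          value:
            description: The attribute value.
            type: string
            example: TEST/Anne.Arnold
    alertDate:
      description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
      type: string
      format: date-time
      example: '2022-05-04T13:24:09.661-05:00'
    nativeId:
      description: Unique Identifier of the Alert in the native system.
      type: string
      example: '2351234513245349'
    targetId:
      description: Unique Identifier of the target object which caused the Alert.
      type: string
      example: 2c9091d24f65486f014f6568be4400f7
    targetType:
      description: The type of SailPointObject the target is.
      type: string
      example: Identity
    targetDisplayName:
      description: User friendly display name of the target object.
      type: string
      example: Anne.Arnold
    application:
      description: The corresponding Application object of the Alert.
      type: object
      properties:
        displayName:
          # NOTE(review): described as READ-ONLY yet listed in a request body;
          # consider `readOnly: true` if the server ignores it on POST.
          description: The name of the Alert Application. OPTIONAL and READ-ONLY.
          type: string
          example: JDBCDirectAlerts
        value:
          description: The Application associated with the Alert.
          type: string
          example: 7f00000180281df7818028bfed100826
        $ref:
          description: The URI of the SCIM resource representing the Alert application.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'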
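# Alert as returned by a GET on a single Alert id.
# NOTE(review): nesting is reconstructed from key order; confirm that
# `notifications` sits inside the `result` items against the published spec.
alertByIdGetBody:
  type: object
  properties:
    id:
      description: Unique identifier of the Alert.
      type: string
      example: c0a8019c7ffa186e817ffb80170a0195
    name:
      description: 'Name of the Alert, auto-generated by the SCIM Server.'
      type: string
      example: '0000000002'
    displayName:
      description: Display name of the Alert.
      type: string
      example: Workflow Alert
    type:
      description: Type of the Alert.
      type: string
      example: Business Process Alert
    attributes:
      description: A list of attributes of the Alert.
      type: array
      items:
        type: object
        properties:
          value:
            description: The attribute value.
            type: string
            example: Windows File Server (Agent)
          key:
            description: The attribute key.
            type: string
            example: applicationType
    application:
      description: The corresponding Application object of the Alert.
      type: array
      items:
        type: object
        properties:
          value:
            description: The Application associated with the Alert.
            type: string
            example: SAP
          $ref:
            description: The URI of the SCIM resource representing the Alert application.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
          displayName:
            description: The name of the Alert Application. OPTIONAL and READ-ONLY.
            type: string
            example: SAP Financial App
    actions:
      description: Alert actions.
      type: array
      items:
        type: object
        properties:
          type:
            description: The type of action performed as a result of the Alert.
            type: string
            enum:
              - WORKFLOW
              - CERTIFICATION
              - NOTIFICATION
            # Example now uses a declared enum member; it was `Certification`.
            example: CERTIFICATION
          alertDefinitionName:
            description: The name of the Alert Definition that triggered the action.
            type: string
            example: certLauncher
          resultId:
            description: 'Typically actions create other objects, a certificationId or workflowId as a result of the action taken.'
            type: string
            example: 7f00000180281df7818028c109ea1742
          result:
            description: The Task Result of the Alert.
            type: array
            items:
              type: object
              properties:
                name:
                  description: The name of the Task Result for the Alert action.
                  type: string
                  example: Alert 0000000001 Certification Result
                workflowName:
                  description: The name of the Workflow used in the Alert action task result.
                  type: string
                  example: refreshCerficationSchedule
                notifications:
                  description: Notifications to send when an Alert action is generated.
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        description: The name of configured notifications for Alert action results.
                        type: string
                        # Quoted so every parser keeps the leading zeros as a string.
                        example: '000000009'
                      displayName:
                        description: Display name for the Alert action notification.
                        type: string
                        example: Certification Refresh Notification for James.Smith
                      emailAddresses:
                        description: A list of email addresses to send an Alert action notification.
                        type: string
                        example: james.smith@demoexample.com
    alertDate:
      description: 'The Alert DateTime, this could have different meanings based on the type of alert.'
      type: string
      format: date-time
      example: '2022-03-31T14:52:40.265-05:00'
    lastProcessed:
      description: 'The DateTime of the last time the Alert was processed, this does not indicate the system took action on the Alert.'
      type: string
      format: date-time
      example: '2022-03-31T14:52:40.260-05:00'
    nativeId:
      description: Unique Identifier of the Alert in the native system.
      type: string
      example: 420bebfb-c87a-406f-930c-29e06feb47bc
    targetId:
      description: Unique Identifier of the target object which caused the Alert.
      type: string
      example: c0a8019c7fe51750817fe634a6b10171
    targetType:
      description: The type of SailPointObject the target is.
      type: string
      example: Certification
    targetDisplayName:
      description: User friendly display name of the target object.
      type: string
      example: Manager Certification
    meta:
      type: object
      properties:
        created:
          description: DateTime when the Alert was created.
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.090-05:00'
        location:
          description: URL to the Alert.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Alerts/c0a8019c7ffa186e817ffb80170a0195'
        lastModified:
          description: DateTime of Alert last modification.
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.119-05:00'
        version:
          description: Alert version.
          type: string
          # NOTE(review): RFC 7232 writes weak ETags as W/"..."; confirm the real format.
          example: 'W"1649191950119"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: Alert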
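# Application resource as returned by the Applications endpoints.
applicationResponse:
  type: object
  properties:
    id:
      description: IdentityIQ id of the Application.
      type: string
      example: c0b4568a4fe7458c434ee77d1fbt156b
    name:
      description: Unique name for the Application. This name MUST be unique across the entire set of Applications.
      type: string
      example: Active Directory
    descriptions:
      description: A list of localized descriptions of the Application.
      type: array
      # OpenAPI 3.0 requires `items` on arrays; shape taken from the example.
      items:
        type: object
        properties:
          locale:
            type: string
          value:
            type: string
      example:
        - locale: en_US
          value: The main Active_Directory domain data for the corporate network.
    type:
      description: The type of the Application.
      type: string
      example: Active Directory - Direct
    features:
      description: A list of features of the Application.
      type: array
      items:
        type: string
      # Flattened: the example was a list wrapped in another list.
      example:
        - DIRECT_PERMISSIONS
        - NO_RANDOM_ACCESS
        - DISCOVER_SCHEMA
    owner:
      description: The owner of the Application.
      type: object
      properties:
        displayName:
          description: Display name of the application owner.
          type: string
          example: Joe Smith
        value:
          description: id of the application owner.
          type: string
          example: c0b4568a4fe7458c434ee77d1fbt156b
        $ref:
          description: URI reference of the application owner resource.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
    applicationSchemas:
      description: List of the Application Schemas.
      # NOTE(review): described as a list but typed as a single object; confirm.
      type: object
      properties:
        value:
          description: The urn of the Application Schema.
          type: string
          example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active Directory:account'
        type:
          description: 'The type of Application Schema (account, group, etc.).'
          type: string
          example: account
        $ref:
          # NOTE(review): the text says Entitlement, but the example URI points
          # at /Schemas; the description looks copied from another schema.
          description: The URI of the SCIM resource representing the Entitlement.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Schemas/urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active%20Directory:account'
    meta:
      description: Metadata of the SCIM resource.
      type: object
      properties:
        created:
          description: Datetime this Application was created.
          type: string
          format: date-time
          example: '2022-02-11T01:34:04.074-05:00'
        location:
          description: The location of the SCIM resource.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Applications/c0b4568a4fe7458c434ee77d1fbt156b'
        lastModified:
          description: Datetime the Application was last modified.
          type: string
          format: date-time
          example: '2022-02-11T01:08:45.866-05:00'
        version:
          description: The version of the SCIM resource.
          type: string
          # NOTE(review): RFC 7232 writes weak ETags as W/"..."; confirm the real format.
          example: 'W"1644561244074"'
        resourceType:
          description: The SCIM resource type.
          type: string
          example: Application
    schemas:
      description: The schemas involved in the SCIM resource.
      type: array
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Application'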
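# Request body for a provisioning simulation that checks policy violations.
# NOTE(review): nesting is reconstructed from key order; `type` is placed
# beside `value` under `plan`, and `policies` at the top level; confirm.
checkedPolicyViolationsPostRequest:
  type: object
  properties:
    identity:
      description: An identity for whom access is requested on the provisioning simulation
      type: string
      # The example was a mapping (`identity: Ryan.Russell`) on a string property.
      example: Ryan.Russell
    plan:
      description: A provisioning plan detailing the access to request on the simulation
      type: object
      properties:
        value:
          type: object
          properties:
            accounts:
              type: array
              items:
                type: object
                properties:
                  op:
                    description: The operation to perform on the provisioning.
                    type: string
                    example: Modify
                  instance:
                    description: A particular instance to provision this access to
                    type: string
                    # The literal string "null", not a YAML null.
                    example: 'null'
                  application:
                    description: The application that owns the access items in the request
                    type: string
                    example: Active_Directory
                  attributes:
                    type: array
                    items:
                      type: object
                      properties:
                        op:
                          description: The operation to perform on the access item.
                          type: string
                          example: Add
                        name:
                          description: The type of access item to provision.
                          type: string
                          example: groupmbr
                        value:
                          description: The name of the access item to provision.
                          type: string
                          example: UnixAdministration
        type:
          type: string
          example: application/sailpoint.object.ProvisioningPlan+json
    policies:
      description: A list of policies to check for new policy violations on the access provisioned by the simulation.
      type: array
      items:
        type: string
      example:
        - SOD Policy
        - Entitlement Policy
        - RandomPolicyNotExisting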
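# Response of a provisioning simulation: the violations found plus the
# identity, policies and plan that were checked.
# NOTE(review): nesting is reconstructed from key order; `schemas`,
# `policies` and `plan` are placed at the top level; confirm.
checkedPolicyViolationResponse:
  type: object
  properties:
    identity:
      description: An identity for whom access was requested on the provisioning simulation
      type: string
      # The example was a mapping (`identity: Ryan.Russell`) on a string property.
      example: Ryan.Russell
    meta:
      type: object
      properties:
        resourceType:
          # Was an empty string; wording taken from the other `meta` blocks in this file.
          description: Resource type of the metadata subject.
          type: string
          example: CheckedPolicyViolation
    violations:
      type: array
      items:
        type: object
        properties:
          entitlements:
            description: An array of the entitlements used in the provisioning simulation.
            type: array
            items:
              type: string
            example:
              - a2a
              - a2b
              - benefits
          policyName:
            description: The name of the policy that conflicted with the access items provisioned in the simulation causing policy violation.
            type: string
            example: SOD Policy
          policyType:
            description: The type of the policy that conflicted with the access items provisioned in the simulation causing policy violation(s).
            type: string
            example: SOD
          description:
            description: The description of the policy violation(s) caused by the access provisioned in the simulation.
            type: string
            example: Security design should not be combined with administrative permissions.
          constraintName:
            description: The specific constraint in the policy that conflicted with the access items provisioned in the simulation.
            type: string
            example: ' IT SOD-117'
          leftBundles:
            description: The left set of entitlements defined in the policy constraint in order to check against another set of entitlements for compliance.
            type: array
            items:
              type: string
            example:
              - Security Architect - IT
          rightBundles:
            description: The right set of entitlements defined in the policy constraint in order to check against another set of entitlements for compliance.
            type: array
            items:
              type: string
            example:
              - Unix Administrator - IT
    schemas:
      description: The SCIM schema for Checked Policy Violations.
      type: array
      items:
        type: string
      # Example is now a list, matching the array type; it was a bare string.
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation'
    policies:
      description: The set of policies used to check for conflicting access in the provisioning simulation
      type: array
      items:
        type: string
      example:
        - SOD Policy
        - Entitlement Policy
        - RandomPolicyNotExisting
    plan:
      description: A provisioning plan detailing the access to request on the simulation
      type: object
      properties:
        value:
          type: object
          properties:
            accounts:
              type: array
              items:
                type: object
                properties:
                  op:
                    description: The operation performed on the access in the provisioning simulation.
                    type: string
                    example: Modify
                  instance:
                    description: A particular instance to provision this access to
                    type: string
                    # The literal string "null", not a YAML null.
                    example: 'null'
                  application:
                    description: The application that owns the access provisioned in the simulation.
                    type: string
                    example: Active_Directory
                  attributes:
                    type: array
                    items:
                      type: object
                      properties:
                        op:
                          description: The operation performed on the access in the provisioning simulation.
                          type: string
                          example: Add
                        name:
                          description: The type of provisioned access.
                          type: string
                          example: groupmbr
                        value:
                          description: The name of the provisioned access items.
                          type: string
                          example: UnixAdministration
        type:
          type: string
          example: application/sailpoint.object.ProvisioningPlan+json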
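# Entitlement resource as described by
# urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement, followed by the
# Managed Attribute extended attributes (entitleAuth .. email).
# NOTE(review): nesting is reconstructed from key order; confirm against the
# published spec.
SailPoint-Entitlement-Schema:
  description: 'Attributes for schema: urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement'
  type: object
  properties:
    id:
      description: Unique identifier of the Entitlement.
      type: string
      example: c0a8019c7fe11678817fe18984351477
    descriptions:
      description: A list of localized descriptions of the Entitlement.
      # `type: array` belongs on the property; it was written under `items`.
      type: array
      items:
        type: object
        properties:
          locale:
            description: The locale associated with this Entitlement description.
            type: string
            example: en_US
          value:
            description: The description in localized form.
            type: string
            # Quoted: a plain scalar starting with `*` is read as a YAML alias.
            example: '**Card Reader Directory** target friendly description'
    displayableName:
      description: Displayable name of the Entitlement.
      type: string
      example: Boolean
    type:
      description: Type of the Entitlement.
      type: string
      example: Permission
    application:
      description: The corresponding Application object of the Entitlement.
      type: array
      items:
        type: object
        properties:
          value:
            description: The Application associated with the Entitlement.
            type: string
            example: ADDirectDemoData
          $ref:
            description: The URI of the SCIM resource representing the Entitlement application.
            # Declared as a string: the example is a URI, not an object.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
          displayName:
            description: The name of the Entitlement Application. OPTIONAL and READ-ONLY.
            type: string
            example: Active Directory Demo Data
    owner:
      description: The owner of the Entitlement.
      type: array
      items:
        type: object
        properties:
          value:
            description: The id of the SCIM resource representing the Entitlement Owner.
            type: string
            example: 7f00000180281df7818028bfb0d103c7
          $ref:
            description: The URI of the SCIM resource representing the Entitlement Owner.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Users/7f00000180281df7818028bfb0d103c7'
          displayName:
            description: The displayName of the Entitlement Owner. OPTIONAL and READ-ONLY.
            type: string
            example: Debra Wood
    requestable:
      description: Flag to indicate this entitlement is requestable.
      type: boolean
      example: false
    aggregated:
      description: Flag to indicate this entitlement has been aggregated.
      type: boolean
      example: true
    attribute:
      description: Attribute of the Entitlement.
      type: string
      example: Employee Data
    value:
      description: Attribute value of the Entitlement.
      type: string
      example: a2a
    lastRefresh:
      description: The DateTime when the Entitlement was refreshed.
      type: string
      format: date-time
      example: '2022-04-14T10:44:54.880-05:00'
    lastTargetAggregation:
      description: The date aggregation was last targeted of the Entitlement.
      type: string
      format: date-time
      example: '2022-04-14T10:48:01.907-05:00'
    classifications:
      description: Classifications of this Entitlement.
      # Was `type: object` combined with `items`; `items` only applies to arrays.
      type: array
      items:
        type: object
        required:
          - classification
        properties:
          source:
            description: The source of the ObjectClassification.
            type: string
            example: IdentityAI
          effective:
            description: Flag indicating this is an effective Classification.
            type: boolean
            example: false
          classification:
            description: Classification of this object.
            type: array
            items:
              type: object
              properties:
                name:
                  description: The name of the Classification.
                  type: string
                  example: structuralDesign1
                displayName:
                  description: The displayName of the Classification.
                  type: string
                  example: Structural Design
                origin:
                  description: The origin of the Classification.
                  type: string
                  example: Source Templates
                type:
                  description: The type of the Classification.
                  type: string
                  example: aggregation
    meta:
      type: object
      properties:
        resourceType:
          # NOTE(review): no type or description is declared, and the example is
          # `Schema` rather than `Entitlement`; confirm the intended value.
          example: Schema
    entitleAuth:
      description: This is an Extended Attribute from Managed Attribute used to describe the authorization level of an Entitlement.
      type: string
      enum:
        - HIGH
        - MEDIUM
        - LOW
        - NONE
      example: HIGH
    entDate:
      description: This is an Extended Attribute from Managed Attribute. The Entitlement DateTime.
      type: string
      format: date-time
      example: '2022-04-14T10:44:54.741-05:00'
    active:
      description: This is an Extended Attribute from Managed Attribute. Describes if an Entitlement is active.
      type: boolean
      example: true
    rank:
      description: This is an Extended Attribute from Managed Attribute.
      type: integer
      example: 1
    rule:
      description: This is an Extended Attribute from Managed Attribute. Used to specify a Rule object for the Entitlement.
      type: string
      example: EntitlementOwnerRule
    reviewer:
      description: This is an Extended Attribute from Managed Attribute. The Identity that reviewed the Entitlement.
      type: object
      properties:
        displayName:
          description: Display name of the Entitlement reviewer.
          type: string
          example: Debra Wood
        value:
          description: id of the Entitlement reviewer.
          type: string
          example: c0b4568a4fe7458c434ee77d1fbt156b
        $ref:
          description: URI reference of the Entitlement reviewer resource.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
    email:
      description: This is an Extended Attribute from Managed Attribute. Used to specify the Entitlement owner email.
      type: string
      example: test@example.com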
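# Entitlement as returned by a GET on the Entitlements collection, including
# the Managed Attribute extended attributes (entitleAuth .. email).
# NOTE(review): nesting is reconstructed from key order; confirm against the
# published spec.
entitlementGetResponse:
  type: object
  properties:
    id:
      description: Unique identifier of the Entitlement.
      type: string
      example: 7f00000180281df7818028bfb83204dc
    descriptions:
      description: A list of localized descriptions of the Entitlement.
      # NOTE(review): described as a list but typed as a single object; confirm.
      type: object
      properties:
        locale:
          description: The locale associated with this Entitlement description.
          type: string
          example: en_GB
        value:
          description: The description in localized form.
          type: string
          # Quoted: a plain scalar starting with `*` is read as a YAML alias.
          example: '**AP_Logins** Target Friendly Description'
    displayName:
      description: Displayable name of the Entitlement.
      type: string
      example: AP_Logins
    type:
      description: Type of the Entitlement.
      type: string
      example: Permission
    application:
      description: The corresponding Application object of the Entitlement.
      type: array
      items:
        type: object
        properties:
          value:
            description: The Application associated with the Entitlement.
            type: string
            example: 7f00000180281df7818028bfac5a0367
          $ref:
            description: The URI of the SCIM resource representing the Entitlement application.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
          displayName:
            description: The name of the Entitlement Application. OPTIONAL and READ-ONLY.
            type: string
            example: Oracle_DB_oasis
    owner:
      description: The owner of the Entitlement.
      type: array
      items:
        type: object
        properties:
          value:
            description: The id of the SCIM resource representing the Entitlement Owner.
            type: string
            example: 7f00000180281df7818028bfb0d103c7
          $ref:
            description: The URI of the SCIM resource representing the Entitlement Owner.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Users/7f00000180281df7818028bfb0d103c7'
          displayName:
            description: The displayName of the Entitlement Owner. OPTIONAL and READ-ONLY.
            type: string
            example: Debra Wood
    requestable:
      description: Flag to indicate this entitlement is requestable.
      type: boolean
      example: true
    aggregated:
      description: Flag to indicate this entitlement has been aggregated.
      type: boolean
      example: true
    attribute:
      description: Attribute of the Entitlement.
      type: string
      example: AP_Logins
    value:
      description: Attribute value of the Entitlement.
      type: string
      example: 'CN=AP_Logins,OU=Security,OU=Permissions,DC=test,DC=sailpoint,DC=com'
    lastRefresh:
      description: The DateTime when the Entitlement was refreshed.
      type: string
      format: date-time
      example: '2022-04-14T10:48:01.907-05:00'
    lastTargetAggregation:
      description: The date aggregation was last targeted of the Entitlement.
      type: string
      format: date-time
      example: '2022-04-14T10:48:01.907-05:00'
    classifications:
      description: Classifications of this Entitlement.
      type: object
      required:
        - classification
      properties:
        source:
          description: The source of the ObjectClassification.
          type: string
          example: UI
        effective:
          description: Flag indicating this is an effective Classification.
          type: boolean
          example: false
        classification:
          description: Classification of this object.
          type: object
          properties:
            name:
              description: The name of the classification.
              type: string
              example: ClassificationB
            displayName:
              description: The display name of the classification.
              type: string
              example: ClassB
            origin:
              description: The origin of the Classification.
              type: string
              example: PAMSource
            type:
              description: The type of the Classification.
              type: string
              example: Aggregation
    meta:
      type: object
      properties:
        created:
          description: DateTime when the Entitlement was created.
          type: string
          format: date-time
          example: '2022-04-14T10:44:54.834-05:00'
        location:
          description: URL to the Entitlement.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Entitlements/7f00000180281df7818028bfb83204dc'
        lastModified:
          description: DateTime of Entitlement last modification.
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.119-05:00'
        version:
          description: Entitlement version.
          type: string
          # NOTE(review): this value carries an extra leading quote compared with
          # the W"..." examples in the other schemas, and RFC 7232 writes weak
          # ETags as W/"..."; confirm the real format.
          example: '"W"1649951094834"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: Entitlement
    schemas:
      type: array
      # OpenAPI 3.0 requires `items` on arrays; the example holds URN strings.
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement'
    entitleAuth:
      description: This is an Extended Attribute from Managed Attribute used to describe the authorization level of an Entitlement.
      type: string
      # NOTE(review): SailPoint-Entitlement-Schema restricts this attribute to
      # HIGH/MEDIUM/LOW/NONE; confirm whether `Low` is a value the server returns.
      example: Low
    entDate:
      description: This is an Extended Attribute from Managed Attribute. The Entitlement DateTime.
      type: string
      format: date-time
      example: '2022-04-14T10:44:54.738-05:00'
    active:
      description: This is an Extended Attribute from Managed Attribute. Describes if an Entitlement is active.
      type: boolean
      example: false
    rank:
      description: This is an Extended Attribute from Managed Attribute.
      type: integer
      example: 3
    rule:
      description: This is an Extended Attribute from Managed Attribute. Used to specify a Rule object for the Entitlement.
      type: string
      example: APLogin-Contractors-Rule
    reviewer:
      description: This is an Extended Attribute from Managed Attribute. The Identity that reviewed the Entitlement.
      type: object
      properties:
        displayName:
          description: Display name of the Entitlement reviewer.
          type: string
          example: Dan Patrick
        value:
          description: id of the Entitlement reviewer.
          type: string
          example: c0b4568a4fe7458c434ee77f2fad267c
        $ref:
          description: URI reference of the Entitlement reviewer resource.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77f2fad267c'
    email:
      description: This is an Extended Attribute from Managed Attribute. Used to specify the Entitlement owner email.
      type: string
      example: dpatrick@demoexample.com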
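# Response body returned when a single Entitlement is fetched by id.
# NOTE(review): nesting is reconstructed from key order and the property
# descriptions, because this listing carried no indentation -- confirm against
# the published spec.
entitlementByIdGetBody:
  properties:
    id:
      description: Unique identifier of the Entitlement.
      type: string
      example: 7f00000180281df7818028bfb7d204c1
    descriptions:
      description: A list of localized descriptions of the Entitlement.
      type: object
      properties:
        locale:
          description: The locale associated with this Entitlement description.
          type: string
          example: en_US
        value:
          description: The description in localized form.
          type: string
          # Quoted because a plain scalar must not start with `*` (YAML reads
          # it as an alias). The sample looks like it carries markup, so a
          # client that displays this value should escape or sanitize it.
          example: '**Employee Database** target friendly description'
    displayableName:
      description: Displayable name of the Entitlement.
      type: string
      example: a2a
    type:
      description: Type of the Entitlement.
      type: string
      example: group
    application:
      description: The corresponding Application object of the Entitlement.
      type: array
      items:
        properties:
          value:
            description: The Application associated with the Entitlement.
            type: string
            example: 7f00000180281df7818028bfed100826
          $ref:
            description: The URI of the SCIM resource representing the Entitlement application.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Applications/7f00000180281df7818028bfed100826'
          displayName:
            description: The name of the Entitlement Application. OPTIONAL and READ-ONLY.
            type: string
            example: SAP
    owner:
      description: The owner of the Entitlement.
      type: array
      items:
        properties:
          value:
            description: The id of the SCIM resource representing the Entitlement Owner.
            type: string
            example: 7f00000180281df7818028bfab930361
          $ref:
            description: The URI of the SCIM resource representing the Entitlement Owner.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Users/7f00000180281df7818028bfab930361'
          displayName:
            description: The displayName of the Entitlement Owner. OPTIONAL and READ-ONLY.
            type: string
            example: Mary Johnson
    requestable:
      description: Flag to indicate this entitlement is requestable.
      type: boolean
      example: true
    aggregated:
      description: Flag to indicate this entitlement has been aggregated.
      type: boolean
      example: true
    attribute:
      description: Attribute of the Entitlement.
      type: string
      example: memberOf
    value:
      description: Attribute value of the Entitlement.
      type: string
      example: 'CN=a2a,OU=HierarchicalGroups,OU=DemoData,DC=test,DC=sailpoint,DC=com'
    lastRefresh:
      description: The DateTime when the Entitlement was refreshed.
      format: date-time
      type: string
      example: '2022-04-14T10:48:01.907-05:00'
    lastTargetAggregation:
      description: The date aggregation was last targeted of the Entitlement.
      type: string
      format: date-time
      example: '2022-04-14T10:48:01.907-05:00'
    classifications:
      description: Classifications of this Entitlement.
      type: object
      required:
        - classification
      properties:
        source:
          description: The source of the ObjectClassification.
          type: string
          example: UI
        effective:
          description: Flag indicating this is an effective Classification.
          type: boolean
          example: false
        classification:
          description: Classification of this object.
          type: object
          properties:
            name:
              description: The name of the Classification.
              type: string
              example: ClassificationA
            displayName:
              description: The displayName of the Classification.
              type: string
              example: ClassA
            origin:
              description: The origin of the Classification.
              type: string
              example: FAM Aggregation
            type:
              description: The type of the Classification.
              type: string
              example: Aggregation
    meta:
      type: object
      properties:
        created:
          description: DateTime when the Entitlement was created.
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.090-05:00'
        location:
          description: URL to the Entitlement.
          type: string
          # The sample URL is plain http on localhost. This spec declares HTTP
          # Basic authentication, so a real deployment should serve these URLs
          # over TLS only.
          example: 'http://localhost:8080/identityiq/scim/v2/Entitlements/c0a8019c7ffa186e817ffb80170a0195'
        lastModified:
          description: DateTime of Entitlement last modification.
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.119-05:00'
        version:
          description: Entitlement version.
          type: string
          # NOTE(review): the quoting in this sample is unbalanced and is not
          # the weak ETag form W/"..." -- confirm what the server emits before
          # using it for If-Match / If-None-Match handling.
          example: '"W"1649191950119"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: Entitlement
    schemas:
      type: array
      # `items` is required for an array schema in OpenAPI 3.0.
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Entitlement'
    entitleAuth:
      description: This is an Extended Attribute from Managed Attribute used to describe the authorization level of an Entitlement.
      type: string
      example: None
    entDate:
      description: This is an Extended Attribute from Managed Attribute. The Entitlement DateTime.
      type: string
      format: date-time
      example: '2022-04-14T10:44:54.738-05:00'
    active:
      description: This is an Extended Attribute from Managed Attribute. Describes if an Entitlement is active.
      type: boolean
      example: false
    rank:
      description: This is an Extended Attribute from Managed Attribute.
      type: integer
      example: 3
    rule:
      description: This is an Extended Attribute from Managed Attribute. Used to specify a Rule object for the Entitlement.
      type: string
      example: APLogin-Contractors-Rule
    reviewer:
      description: This is an Extended Attribute from Managed Attribute. The Identity that reviewed the Entitlement.
      type: object
      properties:
        displayName:
          description: Display name of the Entitlement reviewer.
          type: string
          example: Caroline Lee
        value:
          description: id of the Entitlement reviewer.
          type: string
          example: c0b4568a4fe7458c434ee77f2fad267c
        $ref:
          description: URI reference of the Entitlement reviewer resource.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Users/c0b4568a4fe7458c434ee77f2fad267c'
    # NOTE(review): the Entitlement schema just above this one names the same
    # attribute `email`; confirm which name the server actually returns.
    emails:
      description: This is an Extended Attribute from Managed Attribute. Used to specify the Entitlement owner email.
      type: string
      example: clee@demoexample.com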
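# Attribute set of the SailPoint LaunchedWorkflow SCIM schema.
# NOTE(review): nesting is reconstructed from key order, because this listing
# carried no indentation -- confirm against the published spec.
SailPoint-LaunchedWorkflow-Schema:
  description: 'Attributes for schema: urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow'
  type: object
  properties:
    workflowName:
      description: Name of the Workflow to launch.
      type: string
      example: LCM Provisioning
    identityRequestId:
      type: string
      description: Id representing the identity request.
      example: 7f000001806719888180675c8f8a016a
    workflowCaseId:
      description: Id representing the workflow case (a running instance of a workflow).
      type: string
      example: 7f000001806719888180675c8f8a025d
    workflowProcessId:
      type: string
      description: Id representing the workflow monitoring process log.
      example: 7f000001806719888180675c8f8a031g
    retries:
      type: integer
      description: The number of retries performed during the execution of provisioning activities.
      example: 0
    # approvalSet and workflowSummary are XML carried inside a string. A client
    # that parses them should use a parser with DTD and external-entity
    # processing disabled.
    approvalSet:
      type: string
      description: XML representation of approvals.
      # A bare `example:` is null, which does not match `type: string`.
      example: ''
    workflowSummary:
      type: string
      description: XML representation of the workflow summary.
      example: '""'
    # NOTE(review): input and output are described as lists but typed as
    # object here; the POST request schema in this file types `input` as an
    # array of key/value/type entries. Confirm the intended shape.
    input:
      type: object
      description: A list of input attributes of the Launched Workflow.
      properties:
        key:
          type: string
          description: The attribute key.
          example: maxRetries
        value:
          type: string
          description: The attribute value.
          # Quoted so the example is a string, matching `type: string`.
          example: '2'
        type:
          type: string
          description: The attribute type.
          example: integer
    output:
      type: object
      description: A list of output attributes of the Launched Workflow.
      properties:
        key:
          type: string
          description: The attribute key.
          example: retries
        value:
          type: string
          description: The attribute value.
          example: '0'
        type:
          type: string
          description: The attribute type.
          example: application/int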
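# A LaunchedWorkflow resource as returned by a GET, combined with fields of the
# TaskResult that launched it (see the "(From the TaskResult ...)" notes).
# NOTE(review): nesting is reconstructed from key order, because this listing
# carried no indentation -- confirm against the published spec.
launchedWorkflowGetResponse:
  properties:
    partitioned:
      description: Flag to indicate this TaskResult is partitioned. (From the TaskResult used to launch the Workflow).
      type: boolean
      example: true
    completed:
      type: string
      format: date-time
      description: The completed DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
      example: '2022-04-14T10:45:26.098-05:00'
    type:
      description: Type of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: Workflow
    launched:
      type: string
      format: date-time
      description: The launched DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
      example: '2022-04-14T10:45:26.114-05:00'
    pendingSignOffs:
      description: The number of pending signoffs of this TaskResult. (From the TaskResult used to launch the Workflow).
      type: integer
      example: 2
    workflowName:
      description: Name of the Workflow to launch.
      type: string
      example: Update Identity Adam.Kennedy AccessRequest
    identityRequestId:
      description: Id representing the identity request.
      type: string
      example: '0000000001'
    workflowCaseId:
      description: Id representing the workflow case (a running instance of a workflow).
      type: string
      example: c0a8019c808b1baa81808bde2c2201b3
    workflowProcessId:
      type: string
      description: Id representing the workflow monitoring process log.
      example: 7f000001806719888180675c8f8a225g
    retries:
      description: The number of retries performed during the execution of provisioning activities.
      type: integer
      example: 1
    # approvalSet, workflowSummary and the XML-typed output values are XML
    # carried inside strings. A client that parses them should use a parser
    # with DTD and external-entity processing disabled.
    # NOTE(review): the two samples below look truncated (the XML body appears
    # to be missing) -- restore them from the published spec.
    approvalSet:
      description: XML representation of approvals.
      type: string
      example: 'example: '
    workflowSummary:
      description: XML representation of the workflow summary.
      type: string
      example: 'example: ""'
    input:
      description: A list of input attributes of the Launched Workflow.
      type: object
      properties:
        key:
          description: The attribute key.
          type: string
          example: _workflowRef
        value:
          description: The attribute value.
          type: string
          example: UpdateIdentityWorkflow
        type:
          description: The attribute type.
          type: string
          example: string
    output:
      description: A list of output attributes of the Launched Workflow.
      type: object
      properties:
        key:
          description: The attribute key.
          type: string
          example: workflowSummary
        value:
          description: The attribute value.
          type: string
          example: '\n \n \n \n\n'
        type:
          description: The attribute type.
          type: string
          example: application/xml
    targetClass:
      description: Target Class of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: Permission
    name:
      description: Name of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: Update Account Group a2a
    messages:
      description: List of messages of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: array
      # A bare `items:` is null; an array schema needs an item schema.
      items:
        type: string
      example:
        - Task executed successfully.
    attributes:
      description: A list of attributes of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: array
      items:
        properties:
          key:
            description: The attribute key.
            type: string
            example: Workflow Summary
          value:
            description: The attribute value.
            type: string
            example: '\n \n \n \n\n'
    id:
      description: Unique identifier of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: 7f00000180281df7818028c03252085c
    completionStatus:
      type: string
      description: Completion Status of the TaskResult. (From the TaskResult used to launch the Workflow).
      enum:
        - Success
        - Warning
        - Error
        - Terminated
        - TempError
      example: Success
    taskDefinition:
      type: string
      description: Name of the TaskDefinition of the TaskResult. (From the TaskResult used to launch the Workflow).
      example: Workflow Launcher
    terminated:
      description: Flag to indicate this TaskResult is terminated. (From the TaskResult used to launch the Workflow).
      type: boolean
      example: true
    launcher:
      description: Launcher of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: spadmin
    meta:
      type: object
      properties:
        created:
          description: DateTime when the TaskResult was created. (From the TaskResult used to launch the Workflow).
          type: string
          format: date-time
          example: '2022-04-14T10:44:54.834-05:00'
        location:
          description: URL to the TaskResult. (From the TaskResult used to launch the Workflow).
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
        lastModified:
          description: DateTime of TaskResult last modification. (From the TaskResult used to launch the Workflow).
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.119-05:00'
        version:
          description: TaskResult version. (From the TaskResult used to launch the Workflow).
          type: string
          # NOTE(review): unbalanced quoting, and not the weak ETag form
          # W/"..." -- confirm what the server emits.
          example: '"W"1649951094834"'
        resourceType:
          description: Resource type of the metadata subject. (From the TaskResult used to launch the Workflow).
          type: string
          example: TaskResult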
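# Response body for fetching one LaunchedWorkflow by id, combined with fields
# of the TaskResult that launched it (see the "(From the TaskResult ...)"
# notes).
# NOTE(review): nesting is reconstructed from key order, because this listing
# carried no indentation -- confirm against the published spec.
launchedWorkflowByIdGetBody:
  properties:
    partitioned:
      description: Flag to indicate this TaskResult is partitioned. (From the TaskResult used to launch the Workflow).
      type: boolean
      example: true
    completed:
      type: string
      format: date-time
      description: The completed DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
      example: '2022-04-14T10:45:26.098-05:00'
    type:
      description: Type of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: Workflow
    launched:
      type: string
      format: date-time
      description: The launched DateTime of the TaskResult. (From the TaskResult used to launch the Workflow).
      example: '2022-04-14T10:45:26.114-05:00'
    pendingSignOffs:
      description: The number of pending signoffs of this TaskResult. (From the TaskResult used to launch the Workflow).
      type: integer
      example: 2
    workflowName:
      description: Name of the Workflow to launch.
      type: string
      example: Update Account Group a2a
    identityRequestId:
      description: Id representing the identity request.
      type: string
      example: '0000000002'
    workflowCaseId:
      description: Id representing the workflow case (a running instance of a workflow).
      type: string
      example: 7f000001806719888180675c8f8a016a
    workflowProcessId:
      type: string
      description: Id representing the workflow monitoring process log.
      example: 7f000001806719888180675c8f8a0017b
    retries:
      description: The number of retries performed during the execution of provisioning activities.
      type: integer
      example: 1
    # approvalSet, workflowSummary and the XML-typed output values are XML
    # carried inside strings. A client that parses them should use a parser
    # with DTD and external-entity processing disabled.
    # NOTE(review): the two samples below look truncated (the XML body appears
    # to be missing) -- restore them from the published spec.
    approvalSet:
      description: XML representation of approvals.
      type: string
      example: 'example: '
    workflowSummary:
      description: XML representation of the workflow summary.
      type: string
      example: 'example: ""'
    input:
      description: A list of input attributes of the Launched Workflow.
      type: object
      properties:
        key:
          description: The attribute key.
          type: string
          example: _caseName
        value:
          description: The attribute value.
          type: string
          example: WorkflowCaseRegistry
        type:
          description: The attribute type.
          type: string
          example: string
    output:
      description: A list of output attributes of the Launched Workflow.
      type: object
      properties:
        key:
          description: The attribute key.
          type: string
          example: workflowSummary
        value:
          description: The attribute value.
          type: string
          example: '\n \n \n \n\n'
        type:
          description: The attribute type.
          type: string
          example: application/xml
    targetClass:
      description: Target Class of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: Permission
    name:
      description: Name of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: Update Account Group a2a
    messages:
      description: List of messages of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: array
      # A bare `items:` is null; an array schema needs an item schema.
      items:
        type: string
      example:
        - Task executed successfully.
    attributes:
      description: A list of attributes of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: array
      items:
        properties:
          key:
            description: The attribute key.
            type: string
            example: Workflow Summary
          value:
            description: The attribute value.
            type: string
            example: '\n \n \n \n\n'
    id:
      description: Unique identifier of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: 7f00000180281df7818028c03252085c
    completionStatus:
      type: string
      description: Completion Status of the TaskResult. (From the TaskResult used to launch the Workflow).
      enum:
        - Success
        - Warning
        - Error
        - Terminated
        - TempError
      example: Success
    taskDefinition:
      type: string
      description: Name of the TaskDefinition of the TaskResult. (From the TaskResult used to launch the Workflow).
      example: Workflow Launcher
    terminated:
      description: Flag to indicate this TaskResult is terminated. (From the TaskResult used to launch the Workflow).
      type: boolean
      example: true
    launcher:
      description: Launcher of the TaskResult. (From the TaskResult used to launch the Workflow).
      type: string
      example: spadmin
    meta:
      type: object
      properties:
        created:
          description: DateTime when the TaskResult was created. (From the TaskResult used to launch the Workflow).
          type: string
          format: date-time
          example: '2022-04-14T10:44:54.834-05:00'
        location:
          description: URL to the TaskResult. (From the TaskResult used to launch the Workflow).
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
        lastModified:
          description: DateTime of TaskResult last modification. (From the TaskResult used to launch the Workflow).
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.119-05:00'
        version:
          description: TaskResult version. (From the TaskResult used to launch the Workflow).
          type: string
          # NOTE(review): unbalanced quoting, and not the weak ETag form
          # W/"..." -- confirm what the server emits.
          example: '"W"1649951094834"'
        resourceType:
          description: Resource type of the metadata subject. (From the TaskResult used to launch the Workflow).
          type: string
          example: TaskResult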
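# Request body for the POST that launches a Workflow.
# NOTE(review): nesting is reconstructed from key order, because this listing
# carried no indentation -- confirm against the published spec.
# Review points for implementers and operators:
#   - `workflowName` selects which server-side Workflow runs and `input`
#     supplies its variables, so the caller's right to launch that Workflow
#     should be enforced on the server and each launch should be audited.
#   - `input` values can be XML (the sample entry is key `plan`, type
#     application/xml); whatever parses them should have DTD and
#     external-entity processing disabled.
launchedWorkflowsPostRequest:
  properties:
    schemas:
      type: array
      description: Schemas related to Launched Workflows.
      # A bare `items:` is null; an array schema needs an item schema.
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow'
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'
    workflowName:
      type: string
      description: Name of the Workflow to launch.
      example: LCM Manage Passwords
    input:
      type: array
      description: A list of input attributes of the Launched Workflow.
      items:
        properties:
          key:
            type: string
            description: The attribute key.
            example: plan
          value:
            type: string
            description: The attribute value.
            # NOTE(review): the block scalar is empty in this listing; the XML
            # sample appears to have been lost -- restore it from the
            # published spec.
            example: |
          type:
            type: string
            description: The attribute type.
            example: application/xml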
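# Response returned after a POST launches a Workflow: TaskResult fields plus
# the LaunchedWorkflow extension object.
# NOTE(review): nesting is reconstructed from key order and descriptions,
# because this listing carried no indentation -- confirm against the published
# spec.
launchedWorkflowsPostResponse:
  type: object
  description: Response example for a POST request to execute a Workflow.
  properties:
    targetName:
      type: string
      description: Target name of the TaskResult.
      example: Ernest.Wagner
    verified:
      type: string
      format: date-time
      description: The verified date of the TaskResult.
      example: '2022-05-26T11:17:13.481-05:00'
    partitioned:
      type: boolean
      description: Flag to indicate if the TaskResult is partitioned.
      example: false
    completed:
      type: string
      format: date-time
      description: The completed date of the TaskResult.
      example: '2022-05-26T11:17:13.678-05:00'
    type:
      type: string
      description: Type of the TaskResult.
      example: LCM
    launched:
      type: string
      # Matches the sibling `verified` and `completed` timestamps.
      format: date-time
      description: The launched date of the TaskResult.
    pendingSignOffs:
      type: integer
      description: Number of pending signoffs of this TaskResult.
      example: 0
    'urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow':
      type: object
      description: LaunchedWorkflow properties.
      properties:
        output:
          type: array
          items:
            properties:
              type:
                type: string
                description: The output attribute type.
                example: application/int
              value:
                type: string
                description: The output attribute value.
                example: '0'
              key:
                type: string
                description: The output attribute key.
                example: workflowSummary
        retries:
          type: integer
          description: The number of retries performed during the execution of provisioning activities.
          example: 0
        input:
          type: array
          items:
            properties:
              key:
                type: string
                description: The input attribute key.
                example: optimisticProvisioning
              value:
                type: string
                description: The input attribute value.
                example: 'true'
              type:
                type: string
                description: The input attribute type.
                example: boolean
        workflowSummary:
          type: string
          description: XML representation of the workflow summary.
          # XML carried inside a string: parse it with DTD and external-entity
          # processing disabled.
          # NOTE(review): the block scalar is empty in this listing; the XML
          # sample appears to have been lost.
          example: |
        workflowName:
          type: string
          description: Name of the workflow to launch.
          example: LCM Manage Passwords.
        identityRequestId:
          type: string
          description: Id representing the identity request.
          example: '0000000004'
        workflowCaseId:
          type: string
          description: Id representing the workflow case (a running instance of a workflow).
          example: c0a8019c810011478181012862b81568
    targetClass:
      type: string
      description: Target class of the Task Result.
      example: Identity
    # NOTE(review): `meta` is typed as an array here but as an object in the
    # GET schemas of this file; SCIM defines meta as a single complex
    # attribute -- confirm.
    meta:
      description: Metadata for the LaunchedWorkflow TaskResult.
      type: array
      items:
        properties:
          created:
            description: Datetime when the TaskResult for the LaunchedWorkflow was created.
            type: string
            format: date-time
            example: '2022-03-31T14:52:40.245-05:00'
          location:
            description: URL to the TaskResult.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/c0a8019c810011478181012862b51567'
          lastModified:
            description: Datetime of LaunchedWorkflow TaskResult last modification
            type: string
            format: date-time
            example: '2022-03-31T14:52:40.265-05:00'
          version:
            description: Version of the LaunchedWorkflow TaskResult.
            type: string
            # NOTE(review): unbalanced quoting, and not the weak ETag form
            # W/"..." -- confirm what the server emits.
            example: '"W"1649951092552"'
          resourceType:
            description: Resource type of the metadata subject
            type: string
            example: LaunchedWorkflow
    schemas:
      type: array
      description: Schemas related to LaunchedWorkflow.
      # A bare `items:` is null; an array schema needs an item schema.
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow'
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'
    name:
      type: string
      description: Name of the TaskResult for the Workflow launch.
      example: LCM Manage Passwords - 2
    messages:
      type: array
      description: List of messages of the TaskResult.
      # A bare `items:` is null; an array schema needs an item schema.
      items:
        type: string
      example:
        - Connection error
    # NOTE(review): capitalised here, while the GET schemas in this file use
    # lower-case `attributes` -- confirm which key the server returns.
    Attributes:
      type: object
      description: A list of attributes of the TaskResult.
      properties:
        key:
          type: string
          description: The attribute key.
          example: retries
        value:
          type: string
          description: The attribute value.
          example: '0'
    id:
      type: string
      description: Id of the task result for the Workflow launch.
      example: c0a8019c810011478181012862b51567
    completionStatus:
      type: string
      description: Completion Status of the TaskResult.
      enum:
        - Success
        - Warning
        - Error
        - Terminated
        - TempError
      example: Success
    taskDefinition:
      type: string
      description: Name of the TaskDefinition of the TaskResult.
      example: Workflow Launcher
    terminated:
      type: boolean
      description: Flag to indicate this TaskResult is terminated.
      example: false
    launcher:
      type: string
      description: Launcher of the TaskResult.
      example: spadmin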
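# An ObjectConfig resource as returned by a GET: the object's attribute
# definitions with their value sources and synchronization targets.
# NOTE(review): nesting is reconstructed from key order and descriptions,
# because this listing carried no indentation -- confirm against the published
# spec.
objectConfigGetResponse:
  properties:
    id:
      description: Unique identifier of the ObjectConfig.
      type: string
      example: c0a8019c7fe11678817fe18984351477
    name:
      description: Name of the ObjectConfig.
      type: string
      example: Link
    objectAttributes:
      description: A list of attributes of the ObjectConfig.
      type: array
      items:
        properties:
          name:
            description: The object attribute name.
            type: string
            example: inactive
          displayName:
            description: The display name of the object attribute.
            type: string
            example: attr_demoInactive
          type:
            description: The type of the object attribute.
            type: string
            example: boolean
          multi:
            description: A Boolean value indicating this is a multi-valued attribute.
            type: boolean
            example: false
          defaultValue:
            description: The default value of the object attribute.
            type: string
            example: 'false'
          system:
            description: A Boolean value indicating this is a system attribute that does not have a source and is not configurable.
            type: boolean
            example: true
          standard:
            description: 'A Boolean value indicating this is a standard attribute (i.e. manager, email, firstname, lastname).'
            type: boolean
            example: false
          extendedNumber:
            description: Integer value of the extended attribute column number in the database schema.
            type: integer
            example: 1
          namedColumn:
            description: A Boolean value indicating this attribute has a named column in the database schema.
            type: boolean
            example: false
          ruleName:
            description: Rule used to derive the value. Usually specified when there are no attributeSources defined.
            type: string
            example: lastLoginToDateRule
          groupFactory:
            description: A Boolean value indicating this attribute can be used in a group factory. Identity attributes only.
            type: boolean
            example: true
          editMode:
            description: Enumeration indicating whether this attribute allows modification.
            type: string
            enum:
              - READONLY
              - PERMANENT
              - UNTILFEEDVALUECHANGES
            example: READONLY
          attributeSources:
            description: Sources of values for this attribute. Identity attributes only.
            type: array
            items:
              properties:
                name:
                  description: The name of the attribute on the application.
                  type: string
                  example: app1_inactive
                key:
                  description: Derived identifier for this source.
                  type: string
                  example: 'Active_Directory:app1_inactive'
                instance:
                  description: Optional instance name for template applications.
                  type: string
                  example: test-environment
                ruleName:
                  description: Rule used to derive the value.
                  type: string
                  example: attributeSource-aws-S3-rule
          attributeTargets:
            description: Targets of this attribute that should receive the value upon attribute synchronization. Identity attributes only.
            type: array
            items:
              properties:
                name:
                  description: The name of the attribute on the application.
                  type: string
                  example: app2_active
                key:
                  description: Derived identifier for this target.
                  type: string
                  example: 'Composite_ERP_Global_Platform:app2_inactive'
                instance:
                  description: Optional instance name for template applications.
                  type: string
                  example: continuous-integration-environment1
                ruleName:
                  description: Rule used to derive the value.
                  type: string
                  example: attributeTarget-aws-S3-rule
                # NOTE(review): the urn-...-ObjectConfig schema in this file
                # spells this `provisionAllAccounts` -- confirm which name the
                # server returns.
                provisionAllAccount:
                  description: Return whether to provision all accounts if an identity has multiple accounts on the target application. Identity attributes only.
                  type: boolean
                  example: false
    # NOTE(review): `meta` is typed as an array here but as an object in the
    # urn-...-ObjectConfig schema; SCIM defines meta as a single complex
    # attribute -- confirm.
    meta:
      description: Metadata for the ObjectConfig
      type: array
      items:
        properties:
          created:
            description: Datetime when the ObjectConfig was created
            type: string
            # Added so the timestamp is declared like the other meta blocks.
            format: date-time
            example: '2022-03-31T14:52:40.245-05:00'
          location:
            description: URL to the ObjectConfig
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/ObjectConfig/7f00000180281df7818028be62ef00e9'
          lastModified:
            description: Datetime of ObjectConfig last modification
            type: string
            format: date-time
            example: '2022-03-31T14:52:40.265-05:00'
          version:
            description: ObjectConfig version
            type: string
            # NOTE(review): unbalanced quoting, and not the weak ETag form
            # W/"..." -- confirm what the server emits.
            example: '"W"1649951092552"'
          resourceType:
            description: Resource type of the metadata subject
            type: string
            example: ObjectConfig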
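# Response body for fetching one ObjectConfig by id: the object's attribute
# definitions with their value sources and synchronization targets.
# NOTE(review): nesting is reconstructed from key order and descriptions,
# because this listing carried no indentation -- confirm against the published
# spec.
objectConfigByIdGetBody:
  properties:
    id:
      description: Unique identifier of the ObjectConfig.
      type: string
      example: 7f00000180281df7818028be63aa00ef
    name:
      description: Name of the ObjectConfig.
      type: string
      example: Bundle
    objectAttributes:
      description: A list of attributes of the ObjectConfig.
      type: array
      items:
        properties:
          name:
            description: The object attribute name.
            type: string
            example: StringAttr
          displayName:
            description: The display name of the object attribute.
            type: string
            example: attr_demoString
          type:
            description: The type of the object attribute.
            type: string
            example: string
          multi:
            description: A Boolean value indicating this is a multi-valued attribute.
            type: boolean
            example: false
          defaultValue:
            description: The default value of the object attribute.
            type: string
            example: None
          system:
            description: A Boolean value indicating this is a system attribute that does not have a source and is not configurable.
            type: boolean
            example: false
          standard:
            description: 'A Boolean value indicating this is a standard attribute (i.e. manager, email, firstname, lastname).'
            type: boolean
            example: false
          extendedNumber:
            description: Integer value of the extended attribute column number in the database schema.
            type: integer
            example: 2
          namedColumn:
            description: A Boolean value indicating this attribute has a named column in the database schema.
            type: boolean
            example: false
          ruleName:
            description: Rule used to derive the value. Usually specified when there are no attributeSources defined.
            type: string
            example: lastLoginToDate
          groupFactory:
            description: A Boolean value indicating this attribute can be used in a group factory. Identity attributes only.
            type: boolean
            example: true
          editMode:
            description: Enumeration indicating whether this attribute allows modification.
            type: string
            enum:
              - READONLY
              - PERMANENT
              - UNTILFEEDVALUECHANGES
            example: READONLY
          attributeSources:
            description: Sources of values for this attribute. Identity attributes only.
            type: array
            items:
              properties:
                name:
                  description: The name of the attribute on the application.
                  type: string
                  example: lastName
                key:
                  description: Derived identifier for this source.
                  type: string
                  example: 'testInstancesApplication/inst2:lastName'
                instance:
                  description: Optional instance name for template applications.
                  type: string
                  example: inst2
                ruleName:
                  description: Rule used to derive the value.
                  type: string
                  example: Identity Attribute Rule - Type
          attributeTargets:
            description: Targets of this attribute that should receive the value upon attribute synchronization. Identity attributes only.
            type: array
            items:
              properties:
                name:
                  description: The name of the attribute on the application.
                  type: string
                  example: app2_active
                key:
                  description: Derived identifier for this target.
                  type: string
                  example: 'Composite_ERP_Global_Platform:app2_inactive'
                instance:
                  description: Optional instance name for template applications.
                  type: string
                  example: continuous-integration-environment1
                ruleName:
                  description: Rule used to derive the value.
                  type: string
                  example: attributeTarget-aws-S3-rule
                # NOTE(review): the urn-...-ObjectConfig schema in this file
                # spells this `provisionAllAccounts` -- confirm which name the
                # server returns.
                provisionAllAccount:
                  description: Return whether to provision all accounts if an identity has multiple accounts on the target application. Identity attributes only.
                  type: boolean
                  example: false
    # NOTE(review): `meta` is typed as an array here but as an object in the
    # urn-...-ObjectConfig schema; SCIM defines meta as a single complex
    # attribute -- confirm.
    meta:
      description: Metadata for the ObjectConfig
      type: array
      items:
        properties:
          created:
            description: Datetime when the ObjectConfig was created
            type: string
            # Added so the timestamp is declared like the other meta blocks.
            format: date-time
            example: '2022-03-31T14:52:40.245-05:00'
          location:
            description: URL to the ObjectConfig
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/ObjectConfig/7f00000180281df7818028be62ef00e9'
          lastModified:
            description: Datetime of ObjectConfig last modification
            type: string
            format: date-time
            example: '2022-03-31T14:52:40.265-05:00'
          version:
            description: ObjectConfig version
            type: string
            # NOTE(review): unbalanced quoting, and not the weak ETag form
            # W/"..." -- confirm what the server emits.
            example: '"W"1649951092552"'
          resourceType:
            description: Resource type of the metadata subject
            type: string
            example: ObjectConfig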
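# Attribute set of the SailPoint ObjectConfig SCIM schema.
# NOTE(review): nesting is reconstructed from key order and descriptions,
# because this listing carried no indentation -- confirm against the published
# spec.
urn-ietf-params-scim-schemas-sailpoint-1.0-ObjectConfig:
  description: 'Attributes for schema: urn:ietf:params:scim:schemas:sailpoint:1.0:ObjectConfig'
  type: object
  properties:
    id:
      description: Unique identifier of the ObjectConfig.
      type: string
      example: c0a8019c7fe11678817fe18984351477
    name:
      description: Name of the ObjectConfig.
      type: string
      example: Link
    displayName:
      description: Display name of the ObjectConfig.
      type: string
      example: Link Object Configuration
    objectAttributes:
      description: A list of attributes of the ObjectConfig.
      type: array
      items:
        properties:
          name:
            description: The object attribute name.
            type: string
            example: lastLogin
          displayName:
            description: The display name of the object attribute.
            type: string
            example: attr_demoLastLogin
          type:
            description: The type of the object attribute.
            type: string
            example: date
          multi:
            description: A Boolean value indicating this is a multi-valued attribute.
            type: boolean
            # Real boolean: a quoted 'false' is a string and does not match
            # `type: boolean`.
            example: false
          defaultValue:
            description: The default value of the object attribute.
            type: string
            example: '2022-03-31T14:52:40.260-05:00'
          system:
            description: A Boolean value indicating this is a system attribute that does not have a source and is not configurable.
            type: boolean
            example: true
          standard:
            description: 'A Boolean value indicating this is a standard attribute (i.e. manager, email, firstname, lastname).'
            type: boolean
            example: false
          extendedNumber:
            description: Integer value of the extended attribute column number in the database schema.
            type: integer
            example: 1
          namedColumn:
            description: A Boolean value indicating this attribute has a named column in the database schema.
            type: boolean
            example: false
          ruleName:
            description: Rule used to derive the value. Usually specified when there are no attributeSources defined.
            type: string
            example: SimpleUpdateRule
          groupFactory:
            description: A Boolean value indicating this attribute can be used in a group factory. Identity attributes only.
            type: boolean
            example: false
          editMode:
            description: Enumeration indicating whether this attribute allows modification.
            type: string
            enum:
              - READONLY
              - PERMANENT
              - UNTILFEEDVALUECHANGES
            example: READONLY
          attributeSources:
            description: Sources of values for this attribute. Identity attributes only.
            type: array
            items:
              properties:
                instance:
                  description: Optional instance name for template applications.
                  type: string
                  example: localInstance1
                name:
                  description: The name of the attribute on the application.
                  type: string
                  example: attribute1
                ruleName:
                  description: Rule used to derive the value.
                  type: string
                  example: attribute1SourceRule
                key:
                  description: Derived identifier for this source.
                  type: string
                  example: rule1
          attributeTargets:
            description: Targets of this attribute that should receive the value upon attribute synchronization. Identity attributes only.
            type: array
            items:
              properties:
                instance:
                  description: Optional instance name for template applications.
                  type: string
                  example: localInstance1
                name:
                  description: The name of the attribute on the application.
                  type: string
                  example: attribute1
                ruleName:
                  description: Rule used to derive the value.
                  type: string
                  example: attribute1TargetRule
                key:
                  description: Derived identifier for this target.
                  type: string
                  example: rule1
                # NOTE(review): the two ObjectConfig response schemas above
                # spell this `provisionAllAccount` -- confirm which name the
                # server returns.
                provisionAllAccounts:
                  description: Return whether to provision all accounts if an identity has multiple accounts on the target application. Identity attributes only.
                  type: boolean
                  example: false
    meta:
      type: object
      properties:
        # The descriptions below said "Alert"; the location sample and the
        # resourceType show that this metadata belongs to an ObjectConfig.
        created:
          description: DateTime when the ObjectConfig was created.
          type: string
          format: date-time
          example: '2022-04-14T10:43:27.461-05:00'
        lastModified:
          description: DateTime of ObjectConfig last modification.
          type: string
          # Added to match the sibling `created` timestamp.
          format: date-time
          example: '2022-04-14T10:45:09.726-05:00'
        location:
          description: URL to the ObjectConfig.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/ObjectConfig/7f00000180281df7818028be62e500e8'
        version:
          description: ObjectConfig version.
          type: string
          # Same value, now quoted so the embedded double quotes are
          # unambiguous.
          # NOTE(review): this is not the weak ETag form W/"..." and it differs
          # from the version samples in the other schemas -- confirm what the
          # server emits.
          example: 'W"1649951109726"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: ObjectConfig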
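# Response body describing a single SCIM PolicyViolation resource.
policyViolationResponse:
  type: object
  properties:
    id:
      description: IdentityIQ id of the PolicyViolation.
      type: string
      example: c0b4568a4fe7458c434ee77d1fbt156b
    policyName:
      description: Name of the Policy this PolicyViolation is associated with.
      type: string
      example: Entitlement Policy with Details
    constraintName:
      description: Name of the Constraint this PolicyViolation is associated with.
      type: string
      example: Entitlement Policy with Details
    identity:
      description: The Identity (User) that caused the PolicyViolation.
      type: object
      properties:
        displayName:
          description: Display name of the Identity that caused the PolicyViolation.
          type: string
          example: Bob Smith
        value:
          description: The id of the Identity which caused the PolicyViolation.
          type: string
          example: c0a7778b7ef71e79817ee74e6a1f0444
        # NOTE(review): a property literally named "$ref" can be mistaken for
        # an OpenAPI reference by some tooling; verify generated clients.
        $ref:
          description: URI reference to the Identity (User).
          type: string
          example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
    owner:
      description: The User that owns the Policy.
      type: object
      properties:
        displayName:
          description: Display name of the Policy owner.
          type: string
          example: Bob Smith
        value:
          description: The id of the Policy owner.
          type: string
          example: c0a7778b7ef71e79817ee74e6a1f0444
        $ref:
          description: URI reference to the Policy owner.
          type: string
          example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
    description:
      description: Description of the PolicyViolation.
      type: string
      example: Production and development systems should not be available to one person.
    status:
      description: 'Status of the PolicyViolation. This can be Open, Mitigated, Remediated, or Delegated.'
      type: string
      example: Open
    meta:
      description: Metadata of the resource.
      type: object
      properties:
        created:
          description: Datetime this Resource was created.
          type: string
          format: date-time
          example: '2022-02-11T01:34:04.074-05:00'
        location:
          description: The location of the resource.
          type: string
          # The example previously pointed at /Users/ although it carries the
          # PolicyViolation id shown in the `id` example above.
          example: 'http://localhost:8080/iiq/scim/v2/PolicyViolations/c0b4568a4fe7458c434ee77d1fbt156b'
        lastModified:
          description: Datetime the resource was last modified.
          type: string
          format: date-time
          example: '2022-02-11T01:08:45.866-05:00'
        version:
          description: The version of the resource.
          type: string
          # Quoted so the embedded double quotes are unambiguous to any parser.
          example: 'W/"1644561244074"'
        resourceType:
          description: The SCIM resource type.
          type: string
          example: PolicyViolation
    schemas:
      description: The schemas involved in the SCIM resource.
      type: array
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:PolicyViolation'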
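# Response body describing a single SCIM ResourceType.
resourceTypeResponse:
  type: object
  properties:
    id:
      description: ID of the ResourceType.
      type: string
      example: User
    name:
      description: Name of the ResourceType.
      type: string
      example: User
    endpoint:
      description: The ResourceType's HTTP addressable endpoint relative to the Base URL.
      type: string
      # Was /Applications, which contradicted the User id/name/schema
      # examples used everywhere else in this schema.
      example: /Users
    description:
      description: Description of the ResourceType.
      type: string
      example: User Account.
    schema:
      description: The primary/base schema URI of the ResourceType.
      type: string
      example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
    schemaExtensions:
      description: A list of URIs of the ResourceType's schema extensions.
      type: array
      # The item shape is taken from the example entries below; previously
      # `items` held only the example and declared no type.
      items:
        type: object
        properties:
          schema:
            type: string
          required:
            type: boolean
      example:
        - schema: 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
          required: true
        - schema: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
          required: true
    meta:
      description: Metadata of the ResourceType.
      type: object
      properties:
        location:
          description: The location of the ResourceType.
          type: string
          example: 'http://localhost:8080/iiq/scim/v2/ResourceTypes/User'
        resourceType:
          description: The SCIM resource type.
          type: string
          example: ResourceType
    schemas:
      description: The schema for the ResourceType resource.
      type: array
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:core:2.0:ResourceType'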
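# Response body describing a single SCIM Role resource.
# Array-typed properties now declare their element shape under `items`;
# OpenAPI 3.0 requires `items` whenever `type: array` is used, and the
# original placed `properties` directly on the array schema.
roleResponse:
  type: object
  properties:
    id:
      description: IIQ ID of the Role.
      type: string
      example: c0b4568a4fe7458c434ee77d1fbt156b
    name:
      description: Unique name for the Role. This name MUST be unique across the entire set of Roles.
      type: string
      example: ADDirect-Production Manager
    descriptions:
      description: A list of localized descriptions of the Role.
      type: array
      # Item shape is taken from the example entry below.
      items:
        type: object
        properties:
          locale:
            type: string
          value:
            type: string
      example:
        - locale: en_US
          value: 'Directs production operations and processes for a plant, division, or company. Plans and maintains production schedules. Manages facilities and equipment maintenance.'
    type:
      description: The type of the Role.
      type: object
      example:
        iiq: false
        requirements: false
        permits: false
        displayName: IT
        manualAssignment: false
        name: it
        autoAssignment: false
        assignmentSelector: false
    displayableName:
      description: Displayable name of the Role.
      type: string
      example: Staging Test Engineer - IT
    active:
      description: Flag to indicate this Role is enabled or active.
      type: boolean
      example: true
    activationDate:
      description: The date the Role will turn from inactive/disabled to active/enabled.
      type: string
      format: date-time
      example: '2022-02-11T01:08:45.866-05:00'
    deactivationDate:
      description: The date the Role will turn from active/enabled to inactive/disabled.
      type: string
      format: date-time
      example: '2022-02-11T01:08:45.866-05:00'
    owner:
      description: The owner of the Role.
      type: object
      properties:
        displayName:
          description: Display name of the Role owner.
          type: string
          example: Lori Ferguson
        value:
          description: ID of the Role owner.
          type: string
          example: ac1301737f901991817f90d9eb050372
        $ref:
          description: URI reference of the Role owner resource.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Users/ac1301737f901991817f90d9eb050372'
    inheritance:
      description: Parent Roles this role inherits from.
      type: array
      items:
        type: object
        properties:
          displayName:
            description: Display name of the parent Role.
            type: string
            example: Finance & Accounting
          value:
            description: ID of the parent Role.
            type: string
            example: ac1301737f901991817f90d9f054041c
          $ref:
            description: URI reference of the parent Role resource.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9f054041c'
    requirements:
      description: Roles this role requires. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are required to support a business role.
      type: array
      items:
        type: object
        properties:
          displayName:
            description: Display name of the required Role.
            type: string
            example: Accounting General Access - IT
          value:
            description: ID of the required Role.
            type: string
            example: ac1301737f901991817f90d9ed110387
          $ref:
            description: URI reference of the required Role resource.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed110387'
    permits:
      description: Roles this role permits. This is normally used with business roles to reference IT roles as a way of indicating which IT roles are allowed to support a business role.
      type: array
      items:
        type: object
        properties:
          displayName:
            description: Display name of the permitted Role.
            type: string
            example: Accounts Payable Access - IT
          value:
            description: ID of the permitted Role.
            type: string
            example: ac1301737f901991817f90d9ed170388
          $ref:
            description: URI reference of the permitted Role resource.
            type: string
            example: 'http://localhost:8080/identityiq/scim/v2/Roles/ac1301737f901991817f90d9ed170388'
    classifications:
      description: Classifications of this Role.
      type: array
      items:
        type: object
        properties:
          source:
            description: The source of the ObjectClassification.
            type: string
          effective:
            description: Flag indicating this is an effective Classification.
            type: boolean
          classification:
            description: Classification of this Object.
            type: object
            properties:
              name:
                description: The name of the Classification.
                type: string
              displayName:
                description: The displayName of the Classification.
                type: string
              origin:
                description: The origin of the Classification.
                type: string
              type:
                description: The type of the Classification. This can be used to group Classifications in/across different origins.
                type: string
      example:
        - effective: false
          source: UI
          classification:
            displayName: Special2
            origin: JDBCDirectDemoData
            name: Special2
        - effective: false
          source: UI
          classification:
            displayName: Special7
            origin: JDBCDirectDemoData
            name: Special7
    meta:
      description: Metadata of the SCIM resource.
      type: object
      properties:
        created:
          description: Datetime this Role was created.
          type: string
          format: date-time
          example: '2022-02-11T01:34:04.074-05:00'
        location:
          description: The location of the SCIM resource.
          type: string
          example: 'http://localhost:8080/iiq/scim/v2/Roles/c0b4568a4fe7458c434ee77d1fbt156b'
        lastModified:
          description: Datetime the Role was last modified.
          type: string
          format: date-time
          example: '2022-02-11T01:08:45.866-05:00'
        version:
          description: The version of the SCIM resource.
          type: string
          # The unquoted original carried literal backslashes (W/\"...\"),
          # because a plain YAML scalar does not process escapes.
          example: 'W/"1644561244074"'
        resourceType:
          description: The SCIM resource type.
          type: string
          example: Role
    schemas:
      description: The schemas involved in the SCIM resource.
      type: array
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:Role'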
# Response body describing a single SCIM Schema resource.
schemaResponse:
  type: object
  properties:
    id:
      type: string
      description: The id of the Schema. The id is the SCIM URN of the Schema.
      example: 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
    name:
      type: string
      description: Name of the Schema.
      example: User
    description:
      type: string
      description: Description of the Schema.
      example: Schema for a SCIM User.
    attributes:
      type: array
      description: Attributes used to describe this Schema.
      items:
        properties:
          uniqueness:
            type: string
            description: >-
              Determines whether there can be other Schema resources with the
              same value for this attribute. 'none' means there is no concern
              for uniqueness, 'server' means the uniqueness of this attribute
              should be guaranteed for this type of resource, and 'global'
              means the uniqueness should be guaranteed across all resources.
            example: none
          name:
            type: string
            description: Name of the attribute.
            example: displayName
          description:
            type: string
            description: Description of the attribute.
            example: Display name of the User.
          mutability:
            type: string
            description: >-
              Indicates the ability to change this attribute. Possible values
              are 'readOnly', 'readWrite', and 'writeOnly'.
            example: readOnly
          type:
            type: string
            description: >-
              Defined as 'simple' or 'complex', where simple indicates
              attribute values stored as strings, integers, etc., and complex
              indicates object-based values.
            example: string
          multiValued:
            type: boolean
            description: Describes whether this attribute is allowed multiple values.
            example: false
          caseExact:
            type: boolean
            description: True if attribute value is case-sensitive; false otherwise.
            example: false
          returned:
            type: string
            description: >-
              Dictates whether the attribute should be returned in a SCIM
              response body. Can be 'always', 'default', 'request', or 'never'.
            example: default
          required:
            type: boolean
            description: True if this attribute is required for this Schema; false otherwise.
            example: false
          canonicalValues:
            type: array
            description: List of canonical values that could be used to supplement attribute.
            items:
              type: string
            example:
              - httpbasic
              - httpdigest
              - oauth
          subAttributes:
            type: array
            description: >-
              Only required if 'complex' is specified for 'type'. If this
              attribute is of 'complex' type, an array of objects can be stored
              in 'subAttributes' with attributes relevant to the respective
              Schema.
            items:
              additionalProperties:
                anyOf:
                  - type: object
    meta:
      type: object
      description: Metadata of the Schema.
      properties:
        location:
          type: string
          description: The location of the Schema.
          example: 'http://localhost:8080/iiq/scim/v2/Schemas/7f0123417e941b00007f9db3702906cb'
        version:
          type: string
          description: The version of the Schema.
          example: 'W"1647617443639"'
        resourceType:
          type: string
          description: The SCIM resource type.
          example: Schema
    schemas:
      type: array
      description: The schema for the Schema resource.
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:core:2.0:Schema'
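# Attribute definitions for the ServiceProviderConfig resource, which tells
# SCIM clients which optional features and authentication schemes the
# server supports.
SailPoint-ServiceProviderConfig-Schema:
  description: 'Attributes for schema: urn:ietf:params:scim:schemas:sailpoint:2.0:ServiceProviderConfig.'
  type: object
  required:
    - patch
    - etag
    - bulk
    - filter
    - changePassword
    - sort
    - authenticationSchemes
  properties:
    documentationUri:
      description: An HTTP addressable URL pointing to the service provider's human consumable help documentation.
      type: string
      example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
    patch:
      type: object
      description: A complex type that specifies PATCH configuration options.
      required:
        - supported
      properties:
        supported:
          type: boolean
          description: Boolean value specifying whether the operation is supported.
          example: false
    etag:
      description: A complex type that specifies ETAG configuration options.
      type: object
      required:
        - supported
      properties:
        supported:
          type: boolean
          description: Boolean value specifying whether the operation is supported.
          example: true
    bulk:
      # Description previously said "ETAG" (copied from the etag property).
      description: A complex type that specifies BULK configuration options.
      type: object
      required:
        - supported
        - maxOperations
        - maxPayloadSize
      properties:
        supported:
          type: boolean
          description: Boolean value specifying whether the operation is supported.
          example: true
        maxOperations:
          type: integer
          description: An integer value specifying the maximum number of operations.
          example: 2
        maxPayloadSize:
          type: integer
          description: An integer value specifying the maximum payload size in bytes.
          example: 128
    filter:
      description: A complex type that specifies FILTER options.
      type: object
      required:
        - supported
        - maxResults
      properties:
        supported:
          type: boolean
          description: Boolean value specifying whether the operation is supported.
          example: true
        maxResults:
          type: integer
          description: Integer value specifying the maximum number of resources returned in a response.
          example: 10
    changePassword:
      type: object
      description: A complex type that specifies change password options.
      required:
        - supported
      properties:
        supported:
          type: boolean
          description: Boolean value specifying whether the operation is supported.
          example: true
    sort:
      type: object
      description: A complex type that specifies sort result options.
      required:
        - supported
      properties:
        supported:
          type: boolean
          description: Boolean value specifying whether the operation is supported.
          example: false
    # NOTE(review): RFC 7643 section 5 defines authenticationSchemes as a
    # multi-valued attribute; confirm whether the server returns an array
    # before relying on the single-object shape declared here.
    # Security: this document's top-level security requirement is basicAuth
    # and its example URLs use plain http://. HTTP Basic only base64-encodes
    # the credentials, so a deployment advertising `httpbasic` should be
    # reachable over TLS only.
    authenticationSchemes:
      description: A complex type that specifies supported Authentication Scheme properties.
      type: object
      required:
        - name
        - description
        - type
      properties:
        name:
          type: string
          description: 'The common authentication scheme name; e.g., HTTP Basic.'
          example: HTTP Basic
        description:
          type: string
          description: A description of the authentication scheme.
          example: Authentication Scheme using the Http Basic Standard.
        specUri:
          type: string
          description: An HTTP addressable URL pointing to the Authentication Scheme's specification.
          # RFC 2617 has been obsoleted; RFC 7617 is the current HTTP Basic
          # specification. The example value is kept as published.
          example: 'http://www.ietf.org/rfc/rfc2617.txt'
        documentationUri:
          type: string
          description: An HTTP addressable URL pointing to the Authentication Scheme's usage documentation.
          example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
        type:
          type: string
          description: The authentication scheme.
          enum:
            - oauth
            - oauth2
            - oauthbearertoken
            - httpbasic
            - httpdigest
          # Was oauthbearertoken, which contradicted the HTTP Basic
          # name/description/specUri examples of the same object.
          example: httpbasic
    meta:
      type: object
      properties:
        location:
          type: string
          description: URL to ServiceProviderConfig resource.
          example: 'http://localhost:8080/identityiq/scim/v2/ServiceProviderConfig'
        resourceType:
          type: string
          description: Resource type of the metadata subject.
          example: ServiceProviderConfig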
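# Response body for the ServiceProviderConfig resource: the optional SCIM
# features and authentication schemes the server reports as supported.
serviceProviderConfigGetResponse:
  type: object
  required:
    - patch
    - etag
    - bulk
    - filter
    - changePassword
    - sort
    - authenticationSchemes
  properties:
    documentationUri:
      description: An HTTP addressable URL pointing to the service provider's human consumable help documentation.
      type: string
      example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
    patch:
      description: A complex type that specifies PATCH configuration options.
      type: object
      required:
        - supported
      properties:
        supported:
          type: boolean
          description: Boolean value specifying whether the operation is supported.
          example: false
    etag:
      description: A complex type that specifies ETAG configuration options.
      type: object
      required:
        - supported
      properties:
        supported:
          description: Boolean value specifying whether the operation is supported.
          type: boolean
    bulk:
      # Description previously said "ETAG" (copied from the etag property).
      description: A complex type that specifies BULK configuration options.
      type: object
      required:
        - supported
        - maxOperations
        - maxPayloadSize
      properties:
        supported:
          description: Boolean value specifying whether the operation is supported.
          type: boolean
          example: false
        maxOperations:
          description: An integer value specifying the maximum number of operations.
          type: integer
          example: 3
        maxPayloadSize:
          description: An integer value specifying the maximum payload size in bytes.
          type: integer
          example: 128
    filter:
      description: A complex type that specifies FILTER options.
      type: object
      required:
        - supported
        - maxResults
      properties:
        supported:
          description: Boolean value specifying whether the operation is supported.
          type: boolean
          example: true
        maxResults:
          description: Integer value specifying the maximum number of resources returned in a response.
          type: integer
          example: 10
    changePassword:
      description: A complex type that specifies change password options.
      type: object
      required:
        - supported
      properties:
        supported:
          description: Boolean value specifying whether the operation is supported.
          type: boolean
          example: false
    sort:
      description: A complex type that specifies sort result options.
      type: object
      required:
        - supported
      properties:
        supported:
          description: Boolean value specifying whether the operation is supported.
          type: boolean
          example: false
    # NOTE(review): RFC 7643 section 5 defines authenticationSchemes as a
    # multi-valued attribute; confirm whether the server returns an array
    # before relying on the single-object shape declared here.
    # Security: this document's top-level security requirement is basicAuth
    # and its example URLs use plain http://. HTTP Basic only base64-encodes
    # the credentials, so a deployment advertising `httpbasic` should be
    # reachable over TLS only.
    authenticationSchemes:
      description: A complex type that specifies supported Authentication Scheme properties.
      type: object
      required:
        - name
        - description
        - type
      properties:
        name:
          description: 'The common authentication scheme name; e.g., HTTP Basic.'
          type: string
          example: HTTP Basic
        description:
          description: A description of the authentication scheme.
          type: string
          example: Authentication Scheme using the Http Basic Standard.
        specUri:
          description: An HTTP addressable URL pointing to the Authentication Scheme's specification.
          type: string
          # RFC 2617 has been obsoleted; RFC 7617 is the current HTTP Basic
          # specification. The example value is kept as published.
          example: 'http://www.ietf.org/rfc/rfc2617.txt'
        documentationUri:
          description: An HTTP addressable URL pointing to the Authentication Scheme's usage documentation.
          type: string
          example: 'https://community.sailpoint.com/community/identityiq/product-downloads'
        type:
          type: string
          description: The authentication scheme.
          enum:
            - oauth
            - oauth2
            - oauthbearertoken
            - httpbasic
            - httpdigest
          # Was oauthbearertoken, which contradicted the HTTP Basic
          # name/description/specUri examples of the same object.
          example: httpbasic
    meta:
      type: object
      properties:
        location:
          type: string
          description: URL to ServiceProviderConfig resource.
          example: 'http://localhost:8080/identityiq/scim/v2/ServiceProviderConfig'
        resourceType:
          type: string
          description: Resource type of the metadata subject.
          example: ServiceProviderConfig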
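# Attribute definitions for the SailPoint TaskResult SCIM schema.
SailPoint-TaskResult-Schema:
  description: 'Attributes for schema: urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'
  type: object
  properties:
    id:
      description: Unique identifier of the TaskResult.
      type: string
      example: c0a8019c7fe11678817fe18984351477
    name:
      type: string
      description: Name of the TaskResult.
      example: Aggregate Correlated Applications
    type:
      description: Type of the TaskResult.
      type: string
      example: Report
    completionStatus:
      type: string
      description: Completion Status of the TaskResult.
      enum:
        - Success
        - Warning
        - Error
        - Terminated
        - TempError
      example: Success
    launcher:
      type: string
      description: Launcher of the TaskResult.
      example: spadmin
    host:
      type: string
      description: Host of the TaskResult.
      example: chocobo-local-console
    progress:
      type: string
      description: Progress of the TaskResult.
      example: Completed 5 of 12 partitions.
    targetClass:
      type: string
      description: Target Class of the TaskResult.
      example: ManagedAttribute
    targetName:
      type: string
      description: Target Name of the Task Result.
      example: managedAttributeDemoPopulation
    terminated:
      type: boolean
      description: Flag to indicate this TaskResult is terminated.
      example: false
    partitioned:
      type: boolean
      description: Flag to indicate this TaskResult is partitioned.
      example: true
    launched:
      type: string
      format: date-time
      description: The launched DateTime of the TaskResult.
      example: '2022-04-14T12:30:42.760-05:00'
    completed:
      type: string
      format: date-time
      description: The completed DateTime of the TaskResult.
      example: '2022-04-14T12:31:16.688-05:00'
    expiration:
      type: string
      format: date-time
      description: The expiration DateTime of the TaskResult.
      example: '2022-04-26T14:32:33.184-05:00'
    verified:
      type: string
      format: date-time
      description: The verification DateTime of the TaskResult.
      example: '2022-04-26T14:32:40.966-05:00'
    percentageComplete:
      type: integer
      description: The percentage completed of this TaskResult.
      example: 30
    pendingSignOffs:
      type: integer
      description: The number of pending signoffs of this TaskResult.
      example: 2
    taskDefinition:
      type: string
      description: Name of the TaskDefinition of the TaskResult.
      example: Workflow Launcher
    taskSchedule:
      type: string
      description: Name of the TaskSchedule of the TaskResult.
      example: Check expired work items daily
    # NOTE(review): the TaskResult response schemas in this file name this
    # property `attributes` (lower case) and type it as an array of
    # key/value objects; here it is capitalised and typed as one object.
    # Left unchanged because renaming would alter the published schema;
    # confirm which form the server emits.
    Attributes:
      type: object
      description: A list of attributes of the TaskResult.
      properties:
        key:
          type: string
          description: The attribute key.
          example: reminders
        value:
          type: string
          description: The attribute value.
          example: '0'
    messages:
      type: array
      description: List of messages of the TaskResult.
      # `items` previously held only the example and declared no type; the
      # example entry is a plain string.
      items:
        type: string
      example:
        - Connection error
    signoff:
      type: string
      description: Signoff of the TaskResult.
      example: Certification Sign-off
    meta:
      type: object
      properties:
        created:
          description: DateTime when the TaskResult was created.
          type: string
          format: date-time
          example: '2022-04-14T10:44:54.834-05:00'
        location:
          description: URL to the TaskResult.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252162a'
        lastModified:
          description: DateTime of TaskResult last modification.
          type: string
          format: date-time
          example: '2022-05-05T15:52:30.119-05:00'
        version:
          description: TaskResult version.
          type: string
          # Dropped a stray leading double quote; the form now matches the
          # other W"..." version examples in this file.
          example: 'W"1649951094834"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: TaskResult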
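# Response body describing a TaskResult resource as returned by the
# TaskResults listing.
taskResultGetResponse:
  type: object
  properties:
    id:
      description: Unique identifier of the TaskResult.
      type: string
      example: 7f00000180281df7818028c03252085c
    name:
      description: Name of the TaskResult.
      type: string
      example: Aggregate HR Authoritative
    type:
      description: Type of the TaskResult.
      type: string
      example: AccountAggregation
    completionStatus:
      type: string
      description: Completion Status of the TaskResult.
      enum:
        - Success
        - Warning
        - Error
        - Terminated
        - TempError
      example: Success
    launcher:
      description: Launcher of the TaskResult.
      type: string
      example: spadmin
    host:
      description: Host of the TaskResult.
      type: string
      example: centos-server.local
    progress:
      description: Progress of the TaskResult.
      type: string
      example: Launched 2 partitions.
    targetClass:
      description: Target Class of the TaskResult.
      type: string
      example: Permission
    targetName:
      description: Target Name of the Task Result.
      type: string
      example: PAM Credential Container
    terminated:
      description: Flag to indicate this TaskResult is terminated.
      type: boolean
      example: true
    partitioned:
      description: Flag to indicate this TaskResult is partitioned.
      type: boolean
      example: true
    launched:
      type: string
      format: date-time
      description: The launched DateTime of the TaskResult.
      example: '2022-04-14T10:45:26.114-05:00'
    completed:
      type: string
      format: date-time
      description: The completed DateTime of the TaskResult.
      example: '2022-04-14T10:45:26.098-05:00'
    expiration:
      type: string
      format: date-time
      description: The expiration DateTime of the TaskResult.
      example: '2022-05-03T16:40:34.271-05:00'
    verified:
      type: string
      format: date-time
      description: The verification DateTime of the TaskResult.
      example: '2022-05-03T16:40:34.271-05:00'
    percentageComplete:
      type: integer
      description: The percentage completed of this TaskResult.
      example: 55
    pendingSignOffs:
      description: The number of pending signoffs of this TaskResult.
      type: integer
      example: 2
    taskDefinition:
      type: string
      description: Name of the TaskDefinition of the TaskResult.
      example: Aggregate HR Authoritative
    taskSchedule:
      description: Name of the TaskSchedule of the TaskResult.
      type: string
      example: Perform maintenance
    attributes:
      description: A list of attributes of the TaskResult.
      type: array
      items:
        type: object
        properties:
          key:
            description: The attribute key.
            type: string
            example: total
          value:
            description: The attribute value.
            type: string
            example: '3'
    # Security: messages are free text. As the example shows, they can name
    # back-end servers and addresses, so treat read access to TaskResults as
    # sensitive and review what task messages disclose to SCIM clients.
    messages:
      description: List of messages of the TaskResult.
      type: array
      # `items` previously held only the example and declared no type; the
      # example entry is a plain string.
      items:
        type: string
      example:
        - 'Unauthorized access to database in server: 192.100.1.25'
    meta:
      type: object
      properties:
        created:
          description: DateTime when the TaskResult was created.
          type: string
          format: date-time
          example: '2022-04-14T10:44:54.834-05:00'
        location:
          description: URL to the TaskResult.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/7f00000180281df7818028c03252085c'
        lastModified:
          description: DateTime of TaskResult last modification.
          type: string
          format: date-time
          example: '2022-04-05T15:52:30.119-05:00'
        version:
          description: TaskResult version.
          type: string
          # Dropped a stray leading double quote; the form now matches the
          # other W"..." version examples in this file.
          example: 'W"1649951094834"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: TaskResult
    schemas:
      type: array
      # OpenAPI 3.0 requires `items` on array schemas; the example entry is
      # a schema URN string.
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'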
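# Response body describing a single TaskResult resource fetched by id.
taskResultByIdGetBody:
  type: object
  properties:
    id:
      description: Unique identifier of the TaskResult.
      type: string
      example: c0a8019c80761c398180856488d2051d
    name:
      description: Name of the TaskResult.
      type: string
      example: Aggregate Composite Application
    type:
      description: Type of the TaskResult.
      type: string
      example: AccountAggregation
    completionStatus:
      type: string
      description: Completion Status of the TaskResult.
      enum:
        - Success
        - Warning
        - Error
        - Terminated
        - TempError
      example: Success
    launcher:
      description: Launcher of the TaskResult.
      type: string
      example: james.smith
    host:
      description: Host of the TaskResult.
      type: string
      example: mandrake.testdomain.com
    progress:
      description: Progress of the TaskResult.
      type: string
      example: 3/5 tasks completed.
    targetClass:
      description: Target Class of the TaskResult.
      type: string
      example: Permission
    targetName:
      description: Target Name of the Task Result.
      type: string
      example: Adam.Kennedy
    terminated:
      description: Flag to indicate this TaskResult is terminated.
      type: boolean
      example: false
    partitioned:
      description: Flag to indicate this TaskResult is partitioned.
      type: boolean
      example: true
    launched:
      type: string
      format: date-time
      description: The launched DateTime of the TaskResult.
      example: '2022-05-02T10:30:00.014-05:00'
    completed:
      type: string
      format: date-time
      description: The completed DateTime of the TaskResult.
      example: '2022-05-02T10:30:00.035-05:00'
    expiration:
      type: string
      format: date-time
      description: The expiration DateTime of the TaskResult.
      example: '2022-05-03T16:40:34.271-05:00'
    verified:
      type: string
      format: date-time
      description: The verification DateTime of the TaskResult.
      example: '2022-05-03T16:40:34.271-05:00'
    percentageComplete:
      type: integer
      description: The percentage completed of this TaskResult.
      example: 30
    pendingSignOffs:
      description: The number of pending signoffs of this TaskResult.
      type: integer
      example: 0
    taskDefinition:
      type: string
      description: Name of the TaskDefinition of the TaskResult.
      example: Workflow Launcher
    taskSchedule:
      description: Name of the TaskSchedule of the TaskResult.
      type: string
      example: Perform Identity Request Maintenance
    attributes:
      description: A list of attributes of the TaskResult.
      type: array
      items:
        type: object
        properties:
          key:
            description: The attribute key.
            type: string
            example: inactiveWorkItemsForwarded
          value:
            description: The attribute value.
            type: string
            example: '0'
    # Security: messages are free text produced by the task; review what
    # they disclose before granting SCIM clients read access to TaskResults.
    messages:
      description: List of messages of the TaskResult.
      type: array
      # `items` previously held only the example and declared no type; the
      # example entry is a plain string.
      items:
        type: string
      example:
        - Partition 2 is pending.
    meta:
      type: object
      properties:
        created:
          description: DateTime when the TaskResult was created.
          type: string
          format: date-time
          example: '2022-05-02T10:30:00.018-05:00'
        location:
          description: URL to the TaskResult.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/TaskResults/c0a8019c80761c398180856488d2051d'
        lastModified:
          description: DateTime of TaskResult last modification.
          type: string
          format: date-time
          example: '2022-05-02T10:30:00.036-05:00'
        version:
          description: TaskResult version.
          type: string
          # Quoted so the embedded double quotes are unambiguous to any parser.
          example: 'W"1651505400036"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: TaskResult
    schemas:
      type: array
      # OpenAPI 3.0 requires `items` on array schemas; the example entry is
      # a schema URN string.
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult'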
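# Request body for creating a User: SCIM core attributes plus the SailPoint
# and enterprise extension objects. Only userName is required.
userPostRequest:
  type: object
  properties:
    userName:
      description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.
      type: string
      example: Mock.User
    name:
      description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
      type: object
      properties:
        formatted:
          description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
          type: string
          example: 'Ms. Barbara J Jensen, III'
        familyName:
          description: 'The family name of the User, or Last Name in most Western languages'
          type: string
          example: Jensen
        givenName:
          description: 'The given name of the User, or First Name in most Western languages'
          type: string
          example: Barbara
    displayName:
      description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
      type: string
      example: Barbara Jensen
    userType:
      description: 'The type of the User, identifying the relationship between the organization and the User.'
      type: string
      example: employee
    active:
      description: A Boolean value indicating the User’s administrative status.
      type: boolean
      example: true
    # Cleartext credential, accepted on create/reset and never returned (see
    # the description). Marked write-only and format "password" so generated
    # clients and documentation UIs mask it and do not expect it in responses.
    # Requests carrying it must only travel over TLS; the sample server URL in
    # this spec is plain http on localhost.
    password:
      description: The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.
      type: string
      format: password
      writeOnly: true
    emails:
      description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
      type: array
      items:
        type: object
        properties:
          type:
            description: 'Type of email address (work, home, other).'
            type: string
            example: work
          value:
            description: Canonicalized email address.
            type: string
            format: email
            example: Barbara.Jensen@example.com
          primary:
            description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
            type: boolean
            # Real boolean, matching the declared type (was the string 'true').
            example: true
    # SailPoint extension attributes. The '$ref' keys below are SCIM attribute
    # names (each has its own description/type), not OpenAPI references.
    'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
      type: object
      properties:
        # NOTE(review): this create request accepts capabilities (the example
        # is SystemAdministrator), so a caller allowed to POST Users can
        # presumably grant capabilities; confirm the server restricts who may
        # set this attribute.
        capabilities:
          description: Capabilities assigned to this User.
          type: array
          items:
            type: string
          # Array example, matching the declared type (was a JSON-looking string).
          example:
            - SystemAdministrator
        administrator:
          description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
          type: object
          properties:
            displayName:
              description: The display name of the Administrator of RPA user or Service account.
              type: string
              example: Bob Smith
            value:
              description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
              type: string
              example: c0a7777a7f74744d817e74fc12362c67
            $ref:
              description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
        softwareVersion:
          description: The software version of the RPA/Bots.
          type: string
          example: '7.3'
        empId:
          description: Employee id associated with this User.
          type: string
          example: 1b2a3c
        dn:
          description: Distinguished name for this User.
          type: string
          example: 'cn=Bob Smith,ou=services'
        region:
          description: The region this User is assigned to.
          type: string
          example: Americas
        regionOwner:
          description: The User who owns the region that this resource (User) belongs to.
          type: object
          properties:
            displayName:
              description: Display name of the region owner.
              type: string
              example: Joe Smith
            value:
              description: The id of the region owner.
              type: string
              example: c0b4568a4fe7458c434ee77d1fbt156b
            $ref:
              description: URI reference of the region owner resource.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
        location:
          description: The location this User is assigned to.
          type: string
          example: Singapore
        locationOwner:
          description: The User who owns the location that this resource (User) belongs to.
          type: object
          properties:
            displayName:
              description: Display name of the location owner.
              type: string
              example: Bob Smith
            value:
              description: The id of the location owner.
              type: string
              example: c0a7778b7ef71e79817ee74e6a1f0444
            $ref:
              description: URI reference to the location owner resource.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
        Department:
          description: Department this User is assigned to.
          type: string
          example: Regional Operations
        costcenter:
          description: Cost centers this User is associated with.
          type: array
          items:
            type: string
          example:
            - CC01
            - DD02
        jobtitle:
          description: Job title given to this User.
          type: string
          example: Internal Audit Manager
    'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
      description: Enterprise User Schema. Contains the manager of the User.
      type: object
      properties:
        manager:
          description: Manager of the user.
          type: object
          properties:
            displayName:
              description: Display name of the manager.
              type: string
              example: Bob Smith
            value:
              description: The id of the manager.
              type: string
              example: c7a7347a7fe71e69077ee75f5d1f1237
            $ref:
              description: Reference to the manager resource.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
  required:
    - userName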
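# Response representation of a User: SCIM core attributes, the SailPoint and
# enterprise extension objects, resource metadata and the schema URN list.
# There is no password property here; the create-request schema states that
# the password is never returned.
userResponse:
  type: object
  properties:
    id:
      description: IdentityIQ id of the User.
      type: string
      example: c0b4568a4fe7458c434ee77d1fbt156b
    userName:
      description: Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
      type: string
      example: Mock.User
    name:
      description: 'The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.'
      type: object
      properties:
        formatted:
          description: 'The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.'
          type: string
          example: 'Ms. Barbara J Jensen, III'
        familyName:
          description: 'The family name of the User, or Last Name in most Western languages'
          type: string
          example: Jensen
        givenName:
          description: 'The given name of the User, or First Name in most Western languages'
          type: string
          example: Barbara
    displayName:
      description: 'The name of the User, suitable for display to end-users. The name should be the full name of the User being described.'
      type: string
      example: Barbara Jensen
    userType:
      description: 'The type of the User, identifying the relationship between the organization and the User.'
      type: string
      example: employee
    active:
      description: A Boolean value indicating the User’s administrative status.
      type: boolean
      example: true
    emails:
      description: 'Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.'
      type: array
      items:
        type: object
        properties:
          type:
            description: 'Type of email address (work, home, other).'
            type: string
            example: work
          value:
            description: Canonicalized email address.
            type: string
            format: email
            example: Barbara.Jensen@example.com
          primary:
            description: A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
            type: boolean
            # Real boolean, matching the declared type (was the string 'true').
            example: true
    # SailPoint extension attributes. The '$ref' keys below are SCIM attribute
    # names (each has its own description/type), not OpenAPI references.
    'urn:ietf:params:scim:schemas:sailpoint:1.0:User':
      description: Additional attributes of the User.
      type: object
      properties:
        accounts:
          description: Simple representation of the Account (or Link) ResourceType.
          type: array
          items:
            type: object
            properties:
              displayName:
                description: The display name of the Account.
                type: string
                example: Bob.Smith
              value:
                description: The id of the SCIM resource representing the Account.
                type: string
                example: c0a7778b7ef71e79817ee74e6a1f0444
              $ref:
                description: The URI of the SCIM resource representing the Account.
                type: string
                example: 'http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444'
        entitlements:
          description: Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.
          type: array
          items:
            type: object
            properties:
              value:
                description: The value of the Entitlement.
                type: string
                example: groupmbr
              display:
                description: The display name of the Entitlement.
                type: string
                example: HelpDesk
              type:
                description: 'The type of Entitlement (Entitlement, Permission, etc.).'
                type: string
                example: Permission
              application:
                description: The name of the Application this Entitlement applies to.
                type: string
                example: ADMockApp
              accountName:
                description: The account this Entitlement was sourced from.
                type: string
                example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
              $ref:
                description: The URI of the SCIM resource representing the Entitlement.
                type: string
                example: 'http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67'
        roles:
          description: Roles of the User. Returned in response only if requested using the 'attributes' query parameter.
          type: array
          items:
            type: object
            properties:
              value:
                description: The value of the Role.
                type: string
                example: detectedRoles
              display:
                description: The display name of the Role.
                type: string
                example: User - IT
              type:
                description: 'The type of Role (IT, Business, etc.).'
                type: string
                example: it
              acquired:
                description: Indicates how this Role was acquired. Assigned or Detected.
                type: string
                example: Assigned
              application:
                description: The name of the Application where this Role came from.
                type: string
                example: Active_Directory
              accountName:
                description: The name of the Account this Role was sourced from.
                type: string
                example: 'CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com'
              $ref:
                description: The URI of the SCIM resource representing the Role.
                type: string
                example: 'http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67'
        capabilities:
          description: Capabilities assigned to this User.
          type: array
          items:
            type: string
          # Array example, matching the declared type (was a JSON-looking string).
          example:
            - SystemAdministrator
        riskScore:
          description: Composite Risk Score of this User.
          type: integer
          example: 125
        isManager:
          description: A Boolean value that determines if this User is a manager.
          type: boolean
          example: false
        administrator:
          description: The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
          type: object
          properties:
            displayName:
              description: The display name of the Administrator of RPA user or Service account.
              type: string
              example: Bob Smith
            value:
              description: The id of the SCIM resource representing the Administrator of RPA user or Service account.
              type: string
              example: c0a7777a7f74744d817e74fc12362c67
            $ref:
              description: The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67'
        softwareVersion:
          description: The software version of the RPA/Bots.
          type: string
          example: '7.3'
        empId:
          description: Employee id associated with this User.
          type: string
          example: 1b2a3c
        dn:
          description: Distinguished name for this User.
          type: string
          example: 'cn=Bob Smith,ou=services'
        region:
          description: The region this User is assigned to.
          type: string
          example: Americas
        regionOwner:
          description: The User who owns the region that this resource (User) belongs to.
          type: object
          properties:
            displayName:
              description: Display name of the region owner.
              type: string
              example: Joe Smith
            value:
              description: The id of the region owner.
              type: string
              example: c0b4568a4fe7458c434ee77d1fbt156b
            $ref:
              description: URI reference of the region owner resource.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
        location:
          description: The location this User is assigned to.
          type: string
          example: Singapore
        locationOwner:
          description: The User who owns the location that this resource (User) belongs to.
          type: object
          properties:
            displayName:
              description: Display name of the location owner.
              type: string
              example: Bob Smith
            value:
              description: The id of the location owner.
              type: string
              example: c0a7778b7ef71e79817ee74e6a1f0444
            $ref:
              description: URI reference to the location owner resource.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444'
        Department:
          description: Department this User is assigned to.
          type: string
          example: Regional Operations
        costcenter:
          description: Cost centers this User is associated with.
          type: array
          items:
            type: string
          example:
            - CC01
            - DD02
        jobtitle:
          description: Job title given to this User.
          type: string
          example: Internal Audit Manager
        lastRefresh:
          description: Datetime representation of the last refresh for this User.
          type: string
          format: date-time
    'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User':
      description: Enterprise User Schema. Contains the manager of the User.
      type: object
      properties:
        manager:
          description: Manager of the User.
          type: object
          properties:
            displayName:
              description: Display name of the User's manager.
              type: string
              example: Bob Smith
            value:
              description: The id of the SCIM resource representing the User’s manager.
              type: string
              example: c7a7347a7fe71e69077ee75f5d1f1237
            $ref:
              description: The URI of the SCIM resource representing the User’s manager.
              type: string
              example: 'http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237'
    meta:
      description: Metadata of the resource.
      type: object
      properties:
        created:
          description: Datetime this resource was created.
          type: string
          format: date-time
          example: '2022-02-11T01:34:04.074-05:00'
        location:
          description: The location of the resource.
          type: string
          example: 'http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b'
        lastModified:
          description: Datetime the resource was last modified.
          type: string
          format: date-time
          example: '2022-02-11T01:08:45.866-05:00'
        version:
          description: The version of the resource.
          type: string
          example: W"1644561244074"
        resourceType:
          description: The SCIM resource type.
          type: string
          example: User
    schemas:
      description: The schemas involved in the SCIM resource.
      type: array
      items:
        type: string
      example:
        - 'urn:ietf:params:scim:schemas:sailpoint:1.0:User'
        - 'urn:ietf:params:scim:schemas:core:2.0:User'
        - 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'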
# Attribute set of the SailPoint Workflow SCIM schema: identity, descriptive
# fields, a closed list of workflow types, the handler class name and the
# resource metadata. Only name is required.
SailPoint-Workflow-Schema:
  type: object
  description: 'Attributes for schema: urn:ietf:params:scim:schemas:sailpoint:1.0:Workflow'
  properties:
    id:
      type: string
      description: Unique identifier of the Workflow.
      example: c0a8019c7fe11678817fe18984351477
    name:
      type: string
      description: Name of the Workflow.
      example: Aggregate Correlated Applications
    description:
      type: string
      description: Description of the Workflow.
      example: >-
        Subprocess to approve and provision immediately. This is used after
        splitting an ApprovalSet into individual items to run in parallel.
    type:
      type: string
      description: Type of the Workflow.
      # Closed set: a value outside this list does not validate.
      enum:
        - Batch Provisioning
        - Scheduled Assignment
        - Scheduled Role Activation
        - Managed Attribute
        - Identity Correlation
        - Identity Event
        - Identity Lifecycle
        - Identity Update
        - Identity Refresh
        - LCM Identity
        - LCM Provisioning
        - LCM Registration
        - Policy Violation
        - Role Modeler
        - Subprocess
        - Password Intercept
        - Alert
        - Attribute Sync
      example: LCM Identity
    handler:
      type: string
      description: Handler of the Workflow.
      example: sailpoint.api.StandardWorkflowHandler
    meta:
      type: object
      properties:
        created:
          type: string
          format: date-time
          description: DateTime when the Workflow was created.
          example: '2022-04-14T10:44:54.834-05:00'
        location:
          type: string
          description: URL to the Workflow.
          example: 'http://localhost:8080/identityiq/scim/v2/Workflows/7f00000180281df7818028c03252162a'
        lastModified:
          type: string
          format: date-time
          description: DateTime of Workflow last modification.
          example: '2022-05-05T15:52:30.119-05:00'
        version:
          type: string
          description: Workflow version.
          # NOTE(review): this example starts with an extra double quote
          # compared with the version example in workflowGetResponse
          # (W"..."); confirm which form the server returns.
          example: '"W"1649951094834"'
        resourceType:
          type: string
          description: Resource type of the metadata subject.
          example: Workflow
  required:
    - name
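# One Workflow resource as returned by the Workflow GET responses. Same
# attribute set as SailPoint-Workflow-Schema; declared as an object and with
# date-time formats on the meta timestamps so it agrees with that schema.
workflowGetResponse:
  type: object
  required:
    - name
  properties:
    id:
      description: Unique identifier of the Workflow.
      type: string
      example: 7f00000180281df7818028bf977502f3
    name:
      description: Name of the Workflow.
      type: string
      example: Identity Request Approve Identity Changes
    description:
      description: Description of the Workflow.
      type: string
      # Multi-line sample text; the literal block keeps its line breaks.
      example: |2
        The subprocess that drives the Create and Update Identity workflows.
        This is different then the Identity Request Approve subprocess because this
        approval process produces a form with the approval so that
        approvers can update values while approving.
        This subprocess builds the form necessary for the editable approvals
        and then assimilates that data entered back to the plan, which
        can be returned from the subprocess.
    type:
      description: Type of the Workflow.
      type: string
      # Closed set: a value outside this list does not validate.
      enum:
        - Batch Provisioning
        - Scheduled Assignment
        - Scheduled Role Activation
        - Managed Attribute
        - Identity Correlation
        - Identity Event
        - Identity Lifecycle
        - Identity Update
        - Identity Refresh
        - LCM Identity
        - LCM Provisioning
        - LCM Registration
        - Policy Violation
        - Role Modeler
        - Subprocess
        - Password Intercept
        - Alert
        - Attribute Sync
      example: Subprocess
    handler:
      description: Handler of the Workflow.
      type: string
      example: sailpoint.api.StandardWorkflowHandler
    meta:
      type: object
      properties:
        created:
          description: DateTime when the Workflow was created.
          type: string
          format: date-time
          example: '2022-04-14T10:44:46.453-05:00'
        location:
          description: URL to the Workflow.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Workflows/7f00000180281df7818028bf977502f3'
        lastModified:
          description: DateTime of Workflow last modification.
          type: string
          format: date-time
          example: '2022-05-05T15:52:30.119-05:00'
        version:
          description: Workflow version.
          type: string
          example: W"1649951086453"
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: Workflow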
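# A single Workflow resource. Same attribute set as SailPoint-Workflow-Schema;
# declared as an object so it agrees with that schema.
workflowByIdGetBody:
  type: object
  required:
    - name
  properties:
    id:
      description: Unique identifier of the Workflow.
      type: string
      example: 7f00000180281df7818028be6a9c01a3
    name:
      description: Name of the Workflow.
      type: string
      example: Aggregate Correlated Applications
    description:
      description: Description of the Workflow.
      type: string
      example: Library for Steps.
    type:
      type: string
      description: Type of the Workflow.
      # NOTE(review): the example below ("Step Library") is not one of the
      # enum values, so the example does not validate against this schema.
      # Either the enum is missing a value or the example is wrong; confirm
      # against the server before changing either.
      enum:
        - Batch Provisioning
        - Scheduled Assignment
        - Scheduled Role Activation
        - Managed Attribute
        - Identity Correlation
        - Identity Event
        - Identity Lifecycle
        - Identity Update
        - Identity Refresh
        - LCM Identity
        - LCM Provisioning
        - LCM Registration
        - Policy Violation
        - Role Modeler
        - Subprocess
        - Password Intercept
        - Alert
        - Attribute Sync
      example: Step Library
    handler:
      description: Handler of the Workflow.
      type: string
      example: sailpoint.api.StandardWorkflowHandler
    meta:
      type: object
      properties:
        created:
          description: DateTime when the Workflow was created.
          type: string
          format: date-time
          example: '2022-04-14T10:43:29.436-05:00'
        location:
          description: URL to the Workflow.
          type: string
          example: 'http://localhost:8080/identityiq/scim/v2/Workflows/7f00000180281df7818028be6a9c01a3'
        lastModified:
          description: DateTime of Workflow last modification.
          type: string
          format: date-time
          example: '2022-05-05T15:52:30.119-05:00'
        version:
          description: Workflow version.
          type: string
          # NOTE(review): this example starts with an extra double quote
          # compared with the version example in workflowGetResponse
          # (W"..."); confirm which form the server returns.
          example: '"W"1649951094834"'
        resourceType:
          description: Resource type of the metadata subject.
          type: string
          example: Workflow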